@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-fix.170 → 0.34.1-fix.171

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/index.cjs +6 -3
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.js +7 -4
  4. package/dist/index.js.map +1 -1
  5. package/package.json +14 -14
  6. package/src/agent/SIOPv2RP.ts +12 -69
package/dist/index.cjs CHANGED
@@ -791,6 +791,8 @@ var SIOPv2RP = class _SIOPv2RP {
791
791
  hasher = import_ssi_sdk2.shaHasher;
792
792
  }
793
793
  const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token);
794
+ const xx = import_dcql.DcqlPresentation.parse(vpToken);
795
+ console.log(`IS DCQL PRESENTATION: ${JSON.stringify(xx)}`);
794
796
  const claims = [];
795
797
  for (const [key, value] of Object.entries(vpToken)) {
796
798
  const presentationDecoded = import_ssi_types2.CredentialMapper.decodeVerifiablePresentation(
@@ -799,7 +801,7 @@ var SIOPv2RP = class _SIOPv2RP {
799
801
  hasher
800
802
  );
801
803
  console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`);
802
- let allClaims = {};
804
+ const allClaims = {};
803
805
  const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded);
804
806
  if ("verifiableCredential" in presentationOrClaims) {
805
807
  for (const credential of presentationOrClaims.verifiableCredential) {
@@ -843,8 +845,9 @@ var SIOPv2RP = class _SIOPv2RP {
843
845
  vp_token: typeof responseState.response.payload.vp_token === "string" ? JSON.parse(responseState.response.payload.vp_token) : responseState.response.payload.vp_token
844
846
  }
845
847
  },
846
- credential_claims: claims
847
- //(this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []).map()
848
+ ...claims.length > 0 && {
849
+ credential_claims: claims
850
+ }
848
851
  };
849
852
  }
850
853
  return responseState;
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../plugin.schema.json","../src/agent/SIOPv2RP.ts","../src/functions.ts","../src/RPInstance.ts","../src/types/ISIOPv2RP.ts"],"sourcesContent":["/**\n * @public\n */\nimport schema from '../plugin.schema.json'\nexport { schema }\nexport { SIOPv2RP } from './agent/SIOPv2RP'\nexport * from './types/ISIOPv2RP'\n","{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","import {\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseState,\n AuthorizationResponseStateStatus,\n AuthorizationResponseStateWithVerifiedData,\n decodeUriAsJson, EncodedDcqlPresentationVpToken,\n VerifiedAuthorizationResponse\n} from '@sphereon/did-auth-siop'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\nimport {\n AdditionalClaims,\n CredentialMapper,\n //decodeSdJwtVc,\n HasherSync,\n ICredentialSubject,\n IPresentation,\n //IProofPurpose,\n //IProofType,\n IVerifiableCredential,\n IVerifiablePresentation,\n JwtDecodedVerifiablePresentation,\n MdocDeviceResponse,\n MdocOid4vpMdocVpToken,\n OriginalVerifiablePresentation,\n SdJwtDecodedVerifiableCredential,\n //sha256\n} from '@sphereon/ssi-types'\nimport { IAgentPlugin } from '@veramo/core'\nimport { DcqlQuery } from 'dcql'\nimport {\n IAuthorizationRequestPayloads,\n ICreateAuthRequestArgs,\n IGetAuthRequestStateArgs,\n IGetAuthResponseStateArgs,\n IGetRedirectUriArgs,\n ImportDefinitionsArgs,\n IPEXInstanceOptions,\n IRequiredContext,\n IRPDefaultOpts,\n IRPOptions,\n ISiopRPInstanceArgs,\n ISiopv2RPOpts,\n IUpdateRequestStateArgs,\n IVerifyAuthResponseStateArgs,\n schema\n} from '../index'\nimport { RPInstance } from '../RPInstance'\nimport { ISIOPv2RP } from '../types/ISIOPv2RP'\n//import { jwtDecode } from 'jwt-decode'\n\nexport class SIOPv2RP implements IAgentPlugin {\n private readonly opts: ISiopv2RPOpts\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, RPInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: ISIOPv2RP = {\n siopCreateAuthRequestURI: this.createAuthorizationRequestURI.bind(this),\n siopCreateAuthRequestPayloads: this.createAuthorizationRequestPayloads.bind(this),\n siopGetAuthRequestState: this.siopGetRequestState.bind(this),\n siopGetAuthResponseState: this.siopGetResponseState.bind(this),\n siopUpdateAuthRequestState: this.siopUpdateRequestState.bind(this),\n siopDeleteAuthState: this.siopDeleteState.bind(this),\n siopVerifyAuthResponse: this.siopVerifyAuthResponse.bind(this),\n siopImportDefinitions: this.siopImportDefinitions.bind(this),\n siopGetRedirectURI: this.siopGetRedirectURI.bind(this),\n }\n\n constructor(opts: ISiopv2RPOpts) {\n this.opts = opts\n }\n\n public setDefaultOpts(rpDefaultOpts: IRPDefaultOpts, context: IRequiredContext) {\n // We allow setting default options later, because in some cases you might want to query the agent for defaults. This cannot happen when the agent is being build (this is when the constructor is being called)\n this.opts.defaultOpts = rpDefaultOpts\n // We however do require the agent to be responsible for resolution, otherwise people might encounter strange errors, that are very hard to track down\n if (\n !this.opts.defaultOpts.identifierOpts.resolveOpts?.resolver ||\n typeof this.opts.defaultOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function'\n ) {\n this.opts.defaultOpts.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver: getAgentResolver(context, { uniresolverResolution: true, resolverResolution: true, localResolution: true }),\n }\n }\n }\n\n private async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string> {\n return await this.getRPInstance({ responseRedirectURI: createArgs.responseRedirectURI, ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId } ) }, context)\n .then((rp) => rp.createAuthorizationRequestURI(createArgs, context))\n .then((URI) => URI.encodedUri)\n }\n\n private async createAuthorizationRequestPayloads(\n createArgs: ICreateAuthRequestArgs,\n context: IRequiredContext,\n ): Promise<IAuthorizationRequestPayloads> {\n return await this.getRPInstance({ queryId: createArgs.queryId }, context)\n .then((rp) => rp.createAuthorizationRequest(createArgs, context))\n .then(async (request) => {\n const authRequest: IAuthorizationRequestPayloads = {\n authorizationRequest: request.payload,\n requestObject: await request.requestObjectJwt(),\n requestObjectDecoded: request.requestObject?.getPayload(),\n }\n return authRequest\n })\n }\n\n private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {\n return await this.getRPInstance({ queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)\n ),\n )\n }\n\n private async siopGetResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined> {\n const rpInstance: RPInstance = await this.getRPInstance({ queryId: args.queryId }, context)\n const authorizationResponseState: AuthorizationResponseState | undefined = await rpInstance\n .get(context)\n .then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound))\n if (authorizationResponseState === undefined) {\n return undefined\n }\n\n const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData\n if (responseState.status === AuthorizationResponseStateStatus.VERIFIED) {\n let hasher: HasherSync | undefined\n if (\n CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&\n (!rpInstance.rpOptions.credentialOpts?.hasher || typeof rpInstance.rpOptions.credentialOpts?.hasher !== 'function')\n ) {\n hasher = defaultHasher\n }\n\n const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)\n const claims = []\n for (const [key, value] of Object.entries(vpToken)) {\n const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(\n value as OriginalVerifiablePresentation,\n //todo: later we want to conditionally pass in options for mdl-mdoc here\n hasher,\n )\n console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)\n\n let allClaims: AdditionalClaims = {}\n const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded)\n if ('verifiableCredential' in presentationOrClaims) {\n for (const credential of presentationOrClaims.verifiableCredential) {\n const vc = credential as IVerifiableCredential\n const schemaValidationResult = await context.agent.cvVerifySchema({\n credential,\n hasher,\n validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,\n })\n if (!schemaValidationResult.result) {\n responseState.status = AuthorizationResponseStateStatus.ERROR\n responseState.error = new Error(schemaValidationResult.error)\n return responseState\n }\n\n const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims\n if (!('id' in allClaims)) {\n allClaims['id'] = credentialSubject.id\n }\n\n Object.entries(credentialSubject).forEach(([key, value]) => {\n if (!(key in allClaims)) {\n allClaims[key] = value\n }\n })\n\n claims.push({\n id: key,\n type: vc.type[0],\n claims: allClaims\n })\n }\n } else {\n claims.push({\n id: key,\n type: (presentationDecoded as SdJwtDecodedVerifiableCredential).decodedPayload.vct,\n claims: presentationOrClaims\n })\n }\n }\n\n // const claimsPromises = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)\n // .map(async (presentation: OriginalVerifiablePresentation) => {\n // const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(\n // presentation,\n // //todo: later we want to conditionally pass in options for mdl-mdoc here\n // hasher,\n // )\n //\n //\n //\n // return {\n // id: presentationDecoded.id\n // }\n //\n // })\n\n // // todo this should also include mdl-mdoc\n // const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(\n // responseState.response.payload.vp_token as OriginalVerifiablePresentation,\n // //todo: later we want to conditionally pass in options for mdl-mdoc here\n // hasher,\n // )\n // console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)\n\n responseState.verifiedData = {\n ...(responseState.response.payload.vp_token && {\n authorization_response: {\n vp_token: typeof responseState.response.payload.vp_token === 'string' // TODO we might not need this string check\n ? JSON.parse(responseState.response.payload.vp_token)\n : responseState.response.payload.vp_token\n }\n }),\n credential_claims: claims//(this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []).map()\n }\n\n // switch (args.includeVerifiedData) {\n // case VerifiedDataMode.VERIFIED_PRESENTATION:\n // responseState.response.payload.verifiedData = this.presentationOrClaimsFrom(presentationDecoded)\n // break\n // case VerifiedDataMode.CREDENTIAL_SUBJECT_FLATTENED: // TODO debug cs-flat for SD-JWT\n // const allClaims: AdditionalClaims = {}\n // for (const credential of this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []) {\n // const vc = credential as IVerifiableCredential\n // const schemaValidationResult = await context.agent.cvVerifySchema({\n // credential,\n // hasher,\n // validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,\n // })\n // if (!schemaValidationResult.result) {\n // responseState.status = AuthorizationResponseStateStatus.ERROR\n // responseState.error = new Error(schemaValidationResult.error)\n // return responseState\n // }\n //\n // const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims\n // if (!('id' in allClaims)) {\n // allClaims['id'] = credentialSubject.id\n // }\n //\n // Object.entries(credentialSubject).forEach(([key, value]) => {\n // if (!(key in allClaims)) {\n // allClaims[key] = value\n // }\n // })\n // }\n // responseState.verifiedData = allClaims\n // break\n // }\n }\n return responseState\n }\n\n private presentationOrClaimsFrom = (\n presentationDecoded:\n | JwtDecodedVerifiablePresentation\n | IVerifiablePresentation\n | SdJwtDecodedVerifiableCredential\n | MdocOid4vpMdocVpToken\n | MdocDeviceResponse\n ): AdditionalClaims | IPresentation => {\n return CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)\n ? presentationDecoded.decodedPayload\n : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)\n }\n\n private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {\n if (args.state !== 'authorization_request_created') {\n throw Error(`Only 'authorization_request_created' status is supported for this method at this point`)\n }\n return await this.getRPInstance({ queryId: args.queryId }, context)\n // todo: In the SIOP library we need to update the signal method to be more like this method\n .then((rp) =>\n rp.get(context).then(async (rp) => {\n await rp.signalAuthRequestRetrieved({\n correlationId: args.correlationId,\n error: args.error ? new Error(args.error) : undefined,\n })\n return (await rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, true)) as AuthorizationRequestState\n }),\n )\n }\n\n private async siopDeleteState(args: IGetAuthResponseStateArgs, context: IRequiredContext): Promise<boolean> {\n return await this.getRPInstance({ queryId: args.queryId }, context)\n .then((rp) => rp.get(context).then((rp) => rp.sessionManager.deleteStateForCorrelationId(args.correlationId)))\n .then(() => true)\n }\n\n private async siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse> {\n if (!args.authorizationResponse) {\n throw Error('No SIOPv2 Authorization Response received')\n }\n const authResponse =\n typeof args.authorizationResponse === 'string'\n ? (decodeUriAsJson(args.authorizationResponse) as AuthorizationResponsePayload)\n : args.authorizationResponse\n return await this.getRPInstance({ queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.verifyAuthorizationResponse(authResponse, {\n correlationId: args.correlationId,\n ...(args.dcqlQueryPayload ? { dcqlQuery: args.dcqlQueryPayload.dcqlQuery } : {}),\n audience: args.audience,\n }),\n ),\n )\n }\n\n private async siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void> {\n const { queries, tenantId, version, versionControlMode } = args\n await Promise.all(\n queries.map(async (definitionPair) => {\n const definitionPayload = definitionPair.definitionPayload\n if (!definitionPayload && !definitionPair.dcqlPayload) {\n return Promise.reject(Error('Either dcqlPayload or definitionPayload must be suppplied'))\n }\n\n let definitionId: string\n if (definitionPair.dcqlPayload) {\n DcqlQuery.validate(definitionPair.dcqlPayload.dcqlQuery)\n console.log(`persisting DCQL definition ${definitionPair.dcqlPayload.queryId} with versionControlMode ${versionControlMode}`)\n definitionId = definitionPair.dcqlPayload.queryId\n }\n if (definitionPayload) {\n await context.agent.pexValidateDefinition({ definition: definitionPayload })\n console.log(`persisting PEX definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`)\n definitionId = definitionPayload.id\n }\n\n return context.agent.pdmPersistDefinition({\n definitionItem: {\n definitionId: definitionId!,\n tenantId: tenantId,\n version: version,\n definitionPayload,\n dcqlPayload: definitionPair.dcqlPayload,\n },\n opts: { versionControlMode: versionControlMode },\n })\n }),\n )\n }\n\n private async siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined> {\n const instanceId = args.queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (this.instances.has(instanceId)) {\n const rpInstance = this.instances.get(instanceId)\n if (rpInstance !== undefined) {\n const rp = await rpInstance.get(context)\n return rp.getResponseRedirectUri({\n correlation_id: args.correlationId,\n correlationId: args.correlationId,\n ...(args.state && { state: args.state }),\n })\n }\n }\n return undefined\n }\n\n async getRPInstance({ queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {\n const instanceId = queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (!this.instances.has(instanceId)) {\n const instanceOpts = this.getInstanceOpts(queryId)\n const rpOpts = await this.getRPOptions(context, { queryId, responseRedirectURI: responseRedirectURI })\n if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function') {\n if (!rpOpts.identifierOpts?.resolveOpts) {\n rpOpts.identifierOpts = { ...rpOpts.identifierOpts }\n rpOpts.identifierOpts.resolveOpts = { ...rpOpts.identifierOpts.resolveOpts }\n }\n console.log('Using agent DID resolver for RP instance with definition id ' + queryId)\n rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver(context, {\n uniresolverResolution: true,\n localResolution: true,\n resolverResolution: true,\n })\n }\n this.instances.set(instanceId, new RPInstance({ rpOpts, pexOpts: instanceOpts }))\n }\n const rpInstance = this.instances.get(instanceId)!\n if (responseRedirectURI) {\n rpInstance.rpOptions.responseRedirectUri = responseRedirectURI\n }\n return rpInstance\n }\n\n async getRPOptions(context: IRequiredContext, opts: { queryId?: string; responseRedirectURI?: string }): Promise<IRPOptions> {\n const { queryId, responseRedirectURI: responseRedirectURI } = opts\n const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${queryId}`)\n }\n if (this.opts.defaultOpts) {\n if (!options.identifierOpts) {\n options.identifierOpts = this.opts.defaultOpts?.identifierOpts\n } else {\n if (!options.identifierOpts.idOpts) {\n options.identifierOpts.idOpts = this.opts.defaultOpts.identifierOpts.idOpts\n }\n if (!options.identifierOpts.supportedDIDMethods) {\n options.identifierOpts.supportedDIDMethods = this.opts.defaultOpts.identifierOpts.supportedDIDMethods\n }\n if (!options.supportedVersions) {\n options.supportedVersions = this.opts.defaultOpts.supportedVersions\n }\n }\n if (!options.identifierOpts.resolveOpts || typeof options.identifierOpts.resolveOpts.resolver?.resolve !== 'function') {\n options.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver:\n this.opts.defaultOpts.identifierOpts?.resolveOpts?.resolver ??\n getAgentResolver(context, { localResolution: true, resolverResolution: true, uniresolverResolution: true }),\n }\n }\n }\n if (responseRedirectURI !== undefined && responseRedirectURI !== options.responseRedirectUri) {\n options.responseRedirectUri = responseRedirectURI\n }\n return options\n }\n\n getInstanceOpts(definitionId?: string): IPEXInstanceOptions | undefined {\n if (!this.opts.instanceOpts) return undefined\n\n const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.queryId === definitionId) : undefined\n\n return instanceOpt ?? this.getDefaultOptions(definitionId)\n }\n\n private getDefaultOptions(definitionId: string | undefined) {\n if (!this.opts.instanceOpts) return undefined\n\n const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === 'default')\n if (defaultOptions) {\n const clonedOptions = { ...defaultOptions }\n if (definitionId !== undefined) {\n clonedOptions.queryId = definitionId\n }\n return clonedOptions\n }\n\n return undefined\n }\n}\n","import {\n ClientIdentifierPrefix,\n ClientMetadataOpts,\n InMemoryRPSessionManager,\n PassBy,\n PresentationVerificationCallback,\n PresentationVerificationResult,\n PropertyTarget,\n ResponseMode,\n ResponseType,\n RevocationVerification,\n RP,\n RPBuilder,\n Scope,\n SubjectType,\n SupportedVersion,\n VerifyJwtCallback\n} from '@sphereon/did-auth-siop'\nimport { CreateJwtCallback, JwtHeader, JwtIssuer, JwtPayload, SigningAlgo } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { getAgentDIDMethods, getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n isExternalIdentifierOIDFEntityIdOpts,\n isManagedIdentifierDidOpts,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cOpts,\n ManagedIdentifierOptsOrResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { JwtCompactResult } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { IVerifySdJwtPresentationResult } from '@sphereon/ssi-sdk.sd-jwt'\nimport {\n CredentialMapper,\n HasherSync,\n OriginalVerifiableCredential,\n PresentationSubmission\n} from '@sphereon/ssi-types'\nimport { IVerifyCallbackArgs, IVerifyCredentialResult, VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { TKeyType } from '@veramo/core'\nimport { JWTVerifyOptions } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\nimport { IPEXOptions, IRequiredContext, IRPOptions, ISIOPIdentifierOptions } from './types/ISIOPv2RP'\nimport { DcqlQuery } from 'dcql'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport function getRequestVersion(rpOptions: IRPOptions): SupportedVersion {\n if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {\n return rpOptions.supportedVersions[0]\n }\n return SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1\n}\n\nfunction getWellKnownDIDVerifyCallback(siopIdentifierOpts: ISIOPIdentifierOptions, context: IRequiredContext) {\n return siopIdentifierOpts.wellknownDIDVerifyCallback\n ? siopIdentifierOpts.wellknownDIDVerifyCallback\n : async (args: IVerifyCallbackArgs): Promise<IVerifyCredentialResult> => {\n const result = await context.agent.cvVerifyCredential({\n credential: args.credential as OriginalVerifiableCredential,\n fetchRemoteContexts: true,\n })\n return { verified: result.result }\n }\n}\n\nexport function getPresentationVerificationCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): PresentationVerificationCallback {\n async function presentationVerificationCallback(\n args: any, // FIXME any\n presentationSubmission?: PresentationSubmission,\n ): Promise<PresentationVerificationResult> {\n if (CredentialMapper.isSdJwtEncoded(args)) {\n const result: IVerifySdJwtPresentationResult = await context.agent.verifySdJwtPresentation({\n presentation: args\n })\n // fixme: investigate the correct way to handle this\n return { verified: !!result.payload }\n }\n\n if (CredentialMapper.isMsoMdocOid4VPEncoded(args)) {\n // TODO Funke reevaluate\n if (context.agent.mdocOid4vpRPVerify === undefined) {\n return Promise.reject('ImDLMdoc agent plugin must be enabled to support MsoMdoc types')\n }\n if (presentationSubmission !== undefined && presentationSubmission !== null) {\n const verifyResult = await context.agent.mdocOid4vpRPVerify({\n vp_token: args,\n presentation_submission: presentationSubmission,\n })\n return { verified: !verifyResult.error }\n }\n throw Error(`mdocOid4vpRPVerify(...) method requires a presentation submission`)\n }\n\n const result = await context.agent.verifyPresentation({\n presentation: args,\n fetchRemoteContexts: true,\n domain: (await context.agent.identifierManagedGet(idOpts)).kid?.split('#')[0],\n })\n return { verified: result.verified }\n }\n\n return presentationVerificationCallback\n}\n\nexport async function createRPBuilder(args: {\n rpOpts: IRPOptions\n pexOpts?: IPEXOptions | undefined\n definition?: IPresentationDefinition\n dcql?: DcqlQuery\n context: IRequiredContext\n}): Promise<RPBuilder> {\n const { rpOpts, pexOpts, context } = args\n const { identifierOpts } = rpOpts\n let definition: IPresentationDefinition | undefined = args.definition\n let dcqlQuery: DcqlQuery | undefined = args.dcql\n\n if (!definition && pexOpts && pexOpts.queryId) {\n const presentationDefinitionItems = await context.agent.pdmGetDefinitions({\n filter: [\n {\n definitionId: pexOpts.queryId,\n version: pexOpts.version,\n tenantId: pexOpts.tenantId,\n },\n ],\n })\n\n if (presentationDefinitionItems.length > 0) {\n const presentationDefinitionItem = presentationDefinitionItems[0]\n if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {\n dcqlQuery = presentationDefinitionItem.dcqlPayload.dcqlQuery as DcqlQuery // cast from DcqlQueryREST back to valibot DcqlQuery\n }\n }\n }\n\n const didMethods = identifierOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter()\n\n const defaultClientMetadata: ClientMetadataOpts = {\n // FIXME: All of the below should be configurable. Some should come from builder, some should be determined by the agent.\n // For now it is either preconfigured or everything passed in as a single object\n idTokenSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n requestObjectSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n responseTypesSupported: [ResponseType.ID_TOKEN], // added newly\n client_name: 'Sphereon',\n vpFormatsSupported: {\n jwt_vc: { alg: ['EdDSA', 'ES256K'] },\n jwt_vp: { alg: ['ES256K', 'EdDSA'] },\n },\n scopesSupported: [Scope.OPENID_DIDAUTHN],\n subjectTypesSupported: [SubjectType.PAIRWISE],\n subject_syntax_types_supported: didMethods.map((method) => `did:${method}`),\n passBy: PassBy.VALUE,\n }\n\n const resolver =\n rpOpts.identifierOpts.resolveOpts?.resolver ??\n getAgentResolver(context, {\n resolverResolution: true,\n localResolution: true,\n uniresolverResolution: rpOpts.identifierOpts.resolveOpts?.noUniversalResolverFallback !== true,\n })\n //todo: probably wise to first look and see if we actually need the hasher to begin with\n let hasher: HasherSync | undefined = rpOpts.credentialOpts?.hasher\n if (!rpOpts.credentialOpts?.hasher || typeof rpOpts.credentialOpts?.hasher !== 'function') {\n hasher = defaultHasher\n }\n\n const builder = RP.builder({ requestVersion: getRequestVersion(rpOpts) })\n .withScope('openid', PropertyTarget.REQUEST_OBJECT)\n .withResponseMode(rpOpts.responseMode ?? ResponseMode.POST)\n .withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT)\n // todo: move to options fill/correct method\n .withSupportedVersions(\n rpOpts.supportedVersions ?? [SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1, SupportedVersion.SIOPv2_ID1, SupportedVersion.SIOPv2_D11],\n )\n\n .withEventEmitter(eventEmitter)\n .withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter))\n .withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT)\n .withVerifyJwtCallback(\n rpOpts.verifyJwtCallback\n ? rpOpts.verifyJwtCallback\n : getVerifyJwtCallback(\n {\n resolver,\n verifyOpts: {\n wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),\n checkLinkedDomain: 'if_present',\n },\n },\n context,\n ),\n )\n .withRevocationVerification(RevocationVerification.NEVER)\n .withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context))\n\n const oidfOpts = identifierOpts.oidfOpts\n if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {\n builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT)\n } else {\n const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts)\n const clientId: string = rpOpts.clientMetadataOpts?.client_id ?? resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint)\n const clientIdPrefixed = prefixClientId(clientId)\n builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT)\n }\n\n if (hasher) {\n builder.withHasher(hasher)\n }\n //fixme: this has been removed in the new version of did-auth-siop\n /*if (!rpOpts.clientMetadataOpts?.subjectTypesSupported) {\n // Do not update in case it is already provided via client metadata opts\n didMethods.forEach((method) => builder.addDidMethod(method))\n }*/\n //fixme: this has been removed in the new version of did-auth-siop\n // builder.withWellknownDIDVerifyCallback(getWellKnownDIDVerifyCallback(didOpts, context))\n\n if (dcqlQuery) {\n builder.withDcqlQuery(dcqlQuery)\n }\n\n if (rpOpts.responseRedirectUri) {\n builder.withResponseRedirectUri(rpOpts.responseRedirectUri)\n }\n\n //const key = resolution.key\n //fixme: this has been removed in the new version of did-auth-siop\n //builder.withSuppliedSignature(SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo), did, kid, getSigningAlgo(key.type))\n\n /*if (isManagedIdentifierDidResult(resolution)) {\n //fixme: only accepts dids in version used. New SIOP lib also accepts other types\n builder.withSuppliedSignature(\n SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo),\n resolution.did,\n resolution.kid,\n getSigningAlgo(key.type),\n )\n }*/\n //fixme: signcallback and it's return type are not totally compatible with our CreateJwtCallbackBase\n const createJwtCallback = signCallback(rpOpts.identifierOpts.idOpts, context)\n builder.withCreateJwtCallback(createJwtCallback satisfies CreateJwtCallback<any>)\n return builder\n}\n\nexport function signCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => Promise<string> {\n return async (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => {\n if (!(isManagedIdentifierDidOpts(idOpts) || isManagedIdentifierX5cOpts(idOpts))) {\n return Promise.reject(Error(`JWT issuer method ${jwtIssuer.method} not yet supported`))\n }\n const result: JwtCompactResult = await context.agent.jwtCreateJwsCompactSignature({\n // FIXME fix cose-key inference\n // @ts-ignore\n issuer: { identifier: idOpts.identifier, kmsKeyRef: idOpts.kmsKeyRef, noIdentifierInHeader: false },\n // FIXME fix JWK key_ops\n // @ts-ignore\n protectedHeader: jwt.header,\n payload: jwt.payload,\n })\n return result.jwt\n }\n}\n\nfunction getVerifyJwtCallback(\n _opts: {\n resolver?: Resolvable\n verifyOpts?: JWTVerifyOptions & {\n checkLinkedDomain: 'never' | 'if_present' | 'always'\n wellknownDIDVerifyCallback?: VerifyCallback\n }\n },\n context: IRequiredContext,\n): VerifyJwtCallback {\n return async (_jwtVerifier, jwt) => {\n const result = await context.agent.jwtVerifyJwsSignature({ jws: jwt.raw })\n console.log(result.message)\n return !result.error\n }\n}\n\nexport async function createRP({ rpOptions, context }: { rpOptions: IRPOptions; context: IRequiredContext }): Promise<RP> {\n return (await createRPBuilder({ rpOpts: rpOptions, context })).build()\n}\n\nexport function getSigningAlgo(type: TKeyType): SigningAlgo {\n switch (type) {\n case 'Ed25519':\n return SigningAlgo.EDDSA\n case 'Secp256k1':\n return SigningAlgo.ES256K\n case 'Secp256r1':\n return SigningAlgo.ES256\n // @ts-ignore\n case 'RSA':\n return SigningAlgo.RS256\n default:\n throw Error('Key type not yet supported')\n }\n}\n\nexport function prefixClientId(clientId: string): string {\n // FIXME SSISDK-60\n if (clientId.startsWith('did:')) {\n return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`;\n }\n\n return clientId;\n}\n","import { AuthorizationRequest, RP, URI } from '@sphereon/did-auth-siop'\nimport { ICreateAuthRequestArgs, IPEXOptions, IRequiredContext, IRPOptions } from './types/ISIOPv2RP'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { createRPBuilder, getRequestVersion, getSigningAlgo } from './functions'\nimport { v4 as uuidv4 } from 'uuid'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport {\n ensureManagedIdentifierResult,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\n\nexport class RPInstance {\n private _rp: RP | undefined\n private readonly _pexOptions: IPEXOptions | undefined\n private readonly _rpOptions: IRPOptions\n\n public constructor({ rpOpts, pexOpts }: { rpOpts: IRPOptions; pexOpts?: IPEXOptions }) {\n this._rpOptions = rpOpts\n this._pexOptions = pexOpts\n }\n\n public async get(context: IRequiredContext): Promise<RP> {\n if (!this._rp) {\n const builder = await createRPBuilder({\n rpOpts: this._rpOptions,\n pexOpts: this._pexOptions,\n context,\n })\n this._rp = builder.build()\n }\n return this._rp!\n }\n\n get rpOptions() {\n return this._rpOptions\n }\n\n get pexOptions() {\n return this._pexOptions\n }\n\n public hasDefinition(): boolean {\n return this.definitionId !== undefined\n }\n\n get definitionId(): string | undefined {\n return this.pexOptions?.queryId\n }\n\n public async getPresentationDefinition(context: IRequiredContext): Promise<IPresentationDefinition | undefined> {\n return this.definitionId\n ? await context.agent.pexStoreGetDefinition({\n definitionId: this.definitionId,\n tenantId: this.pexOptions?.tenantId,\n })\n : undefined\n }\n\n public async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<URI> {\n const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n let jwtIssuer: JwtIssuer\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = { didUrl: resolution.kid, method: 'did', alg: getSigningAlgo(resolution.key.type) }\n } else if (isManagedIdentifierX5cResult(resolution)) {\n if (!resolution.issuer) {\n return Promise.reject('missing issuer in idOpts')\n }\n jwtIssuer = {\n issuer: resolution.issuer,\n x5c: resolution.x5c,\n method: 'x5c',\n alg: getSigningAlgo(resolution.key.type),\n }\n } else {\n return Promise.reject(Error(`JWT issuer method ${resolution.method} not yet supported`))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequestURI({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n queryId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURI,\n responseURIType,\n jwtIssuer,\n callback\n }),\n )\n }\n\n public async createAuthorizationRequest(\n createArgs: Omit<ICreateAuthRequestArgs, 'queryId'>,\n context: IRequiredContext,\n ): Promise<AuthorizationRequest> {\n const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n\n let jwtIssuer: JwtIssuer\n if (isManagedIdentifierX5cResult(resolution) && resolution.issuer) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n x5c: resolution.x5c,\n issuer: resolution.issuer,\n }\n } else if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n didUrl: resolution.did,\n }\n } else {\n return Promise.reject(Error('Only did & x5c supported at present'))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequest({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURIType,\n responseURI,\n jwtIssuer,\n }),\n )\n }\n}\n","import {\n AuthorizationRequestPayload,\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseStateWithVerifiedData,\n CallbackOpts,\n ClaimPayloadCommonOpts,\n ClientMetadataOpts,\n IRPSessionManager,\n PresentationVerificationCallback,\n RequestObjectPayload,\n ResponseMode,\n ResponseURIType,\n SupportedVersion,\n VerifiedAuthorizationResponse,\n VerifyJwtCallback,\n} from '@sphereon/did-auth-siop'\nimport { CheckLinkedDomain } from '@sphereon/did-auth-siop-adapter'\nimport { DIDDocument } from '@sphereon/did-uni-client'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { ExternalIdentifierOIDFEntityIdOpts, IIdentifierResolution, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { ICredentialValidation, SchemaValidation } from '@sphereon/ssi-sdk.credential-validation'\nimport { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc'\nimport { IPDManager, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager'\nimport { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'\nimport { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt'\nimport { AuthorizationRequestStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { DcqlQueryPayload, HasherSync } from '@sphereon/ssi-types'\nimport { VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { IAgentContext, ICredentialVerifier, IDIDManager, IKeyManager, IPluginMethodMap, IResolver } from '@veramo/core'\n\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\n\nexport enum VerifiedDataMode {\n NONE = 'none',\n VERIFIED_PRESENTATION = 'vp',\n CREDENTIAL_SUBJECT_FLATTENED = 'cs-flat',\n}\n\nexport interface ISIOPv2RP extends IPluginMethodMap {\n siopCreateAuthRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string>\n siopCreateAuthRequestPayloads(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<IAuthorizationRequestPayloads>\n siopGetAuthRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined>\n siopGetAuthResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined>\n siopUpdateAuthRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState>\n siopDeleteAuthState(args: IDeleteAuthStateArgs, context: IRequiredContext): Promise<boolean>\n siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse>\n siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void>\n siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined>\n}\n\nexport interface ISiopv2RPOpts {\n defaultOpts?: IRPDefaultOpts\n instanceOpts?: IPEXInstanceOptions[]\n}\n\nexport interface IRPDefaultOpts extends IRPOptions {}\n\nexport interface ICreateAuthRequestArgs {\n queryId: string\n correlationId: string\n useQueryIdInstance?: boolean\n responseURIType: ResponseURIType\n responseURI: string\n responseRedirectURI?: string\n jwtIssuer?: JwtIssuer\n requestByReferenceURI?: string\n nonce?: string\n state?: string\n claims?: ClaimPayloadCommonOpts\n callback?: CallbackOpts\n}\n\nexport interface IGetAuthRequestStateArgs {\n correlationId: string\n queryId?: string\n errorOnNotFound?: boolean\n}\n\nexport interface IGetAuthResponseStateArgs {\n correlationId: string\n queryId?: string\n errorOnNotFound?: boolean\n progressRequestStateTo?: AuthorizationRequestStateStatus\n //includeVerifiedData?: VerifiedDataMode\n}\n\nexport interface IUpdateRequestStateArgs {\n queryId?: string\n correlationId: string\n state: AuthorizationRequestStateStatus\n error?: string\n}\n\nexport interface IDeleteAuthStateArgs {\n correlationId: string\n queryId?: string\n}\n\nexport interface IVerifyAuthResponseStateArgs {\n authorizationResponse: string | AuthorizationResponsePayload\n queryId?: string\n correlationId: string\n audience?: string\n dcqlQueryPayload?: DcqlQueryPayload\n}\n\nexport interface IDefinitionPair {\n definitionPayload?: IPresentationDefinition\n dcqlPayload?: DcqlQueryPayload\n}\n\nexport interface ImportDefinitionsArgs {\n queries: Array<IDefinitionPair>\n tenantId?: string\n version?: string\n versionControlMode?: VersionControlMode\n}\n\nexport interface IGetRedirectUriArgs {\n correlationId: string\n queryId?: string\n state?: string\n}\n\nexport interface IAuthorizationRequestPayloads {\n authorizationRequest: AuthorizationRequestPayload\n requestObject?: string\n requestObjectDecoded?: RequestObjectPayload\n}\n\nexport interface IPEXDefinitionPersistArgs extends IPEXInstanceOptions {\n definition: IPresentationDefinition\n ttl?: number\n}\n\nexport interface ISiopRPInstanceArgs {\n queryId?: string\n responseRedirectURI?: string\n}\n\nexport interface IPEXInstanceOptions extends IPEXOptions {\n rpOpts?: IRPOptions\n}\n\nexport interface IRPOptions {\n responseMode?: ResponseMode\n supportedVersions?: SupportedVersion[] // The supported version by the RP. The first version will be the default version\n sessionManager?: IRPSessionManager\n clientMetadataOpts?: ClientMetadataOpts\n expiresIn?: number\n eventEmitter?: EventEmitter\n credentialOpts?: CredentialOpts\n verificationPolicies?: VerificationPolicies\n identifierOpts: ISIOPIdentifierOptions\n verifyJwtCallback?: VerifyJwtCallback\n responseRedirectUri?: string\n}\n\nexport interface IPEXOptions {\n presentationVerifyCallback?: PresentationVerificationCallback\n // definition?: IPresentationDefinition\n queryId: string\n version?: string\n tenantId?: string\n}\n\nexport type VerificationPolicies = {\n schemaValidation: SchemaValidation\n}\n\nexport interface PerDidResolver {\n didMethod: string\n resolver: Resolvable\n}\n\nexport interface IAuthRequestDetails {\n rpDIDDocument?: DIDDocument\n id: string\n alsoKnownAs?: string[]\n}\n\nexport interface ISIOPIdentifierOptions extends Omit<IDIDOptions, 'idOpts'> {\n // we replace the legacy idOpts with the Managed Identifier opts from the identifier resolution module\n idOpts: ManagedIdentifierOptsOrResult\n oidfOpts?: ExternalIdentifierOIDFEntityIdOpts\n checkLinkedDomains?: CheckLinkedDomain\n wellknownDIDVerifyCallback?: VerifyCallback\n}\n\n// todo make the necessary changes for mdl-mdoc types\nexport type CredentialOpts = {\n hasher?: HasherSync\n}\n\nexport type IRequiredContext = IAgentContext<\n IResolver &\n IDIDManager &\n IKeyManager &\n IIdentifierResolution &\n ICredentialValidation &\n ICredentialVerifier &\n IPresentationExchange &\n IPDManager &\n ISDJwtPlugin &\n IJwtService &\n ImDLMdoc\n>\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;ACAA;AAAA,EACE,6BAA+B;AAAA,IAC7B,YAAc;AAAA,MACZ,SAAW;AAAA,QACT,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,0BAA4B;AAAA,UAC1B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,iBAAmB;AAAA,kBACjB,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,cACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,YACpD;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,YAAY;AAAA,UACzB,aAAe;AAAA,QACjB;AAAA,QACA,wBAA0B;AAAA,UACxB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,2BAA6B;AAAA,UAC3B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,WAAa;AAAA,UACX,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,QAAU;AAAA,cACR,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,QAAQ;AAAA,UACrB,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,gCAAkC;AAAA,UAChC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,KAAO;AAAA,cACL,MAAQ;AAAA,YACV;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,UACpD,aAAe;AAAA,QACjB;AAAA,QACA,0CAA4C;AAAA,UAC1C,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,QACA,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,IAAM;AAAA,cACJ,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,OAAS;AAAA,gBACP,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,UACnC,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,UAC1D,aAAe;AAAA,QACjB;AAAA,QACA,8BAAgC;AAAA,UAC9B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,yBAA2B;AAAA,cACzB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW,YAAY;AAAA,UACpC,aAAe;AAAA,QACjB;AAAA,QACA,qCAAuC;AAAA,UACrC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,MACF;AAAA,MACA,SAAW;AAAA,QACT,mBAAqB;AAAA,UACnB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,wBAA0B;AAAA,UACxB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,qCAAuC;AAAA,UACrC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,gCAAkC;AAAA,UAChC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACxUA,IAAAA,wBAQO;AACP,IAAAC,sBAAiC;AACjC,IAAAC,kBAA2C;AAC3C,IAAAC,oBAiBO;AAEP,kBAA0B;;;AC9B1B,2BAiBO;AACP,2BAAiF;AAEjF,yBAAqD;AACrD,IAAAC,sBAMO;AAGP,uBAKO;AAKP,oBAA6B;AAG7B,qBAA8B;AAEvB,SAASC,kBAAkBC,WAAqB;AACrD,MAAIC,MAAMC,QAAQF,UAAUG,iBAAiB,KAAKH,UAAUG,kBAAkBC,SAAS,GAAG;AACxF,WAAOJ,UAAUG,kBAAkB,CAAA;EACrC;AACA,SAAOE,sCAAiBC;AAC1B;AALgBP;AAOhB,SAASQ,8BAA8BC,oBAA4CC,SAAyB;AAC1G,SAAOD,mBAAmBE,6BACtBF,mBAAmBE,6BACnB,OAAOC,SAAAA;AACL,UAAMC,SAAS,MAAMH,QAAQI,MAAMC,mBAAmB;MACpDC,YAAYJ,KAAKI;MACjBC,qBAAqB;IACvB,CAAA;AACA,WAAO;MAAEC,UAAUL,OAAOA;IAAO;EACnC;AACN;AAVSL;AAYF,SAASW,oCACdC,QACAV,SAAyB;AAEzB,iBAAeW,iCACbT,MACAU,wBAA+C;AAE/C,QAAIC,kCAAiBC,eAAeZ,IAAAA,GAAO;AACzC,YAAMC,UAAyC,MAAMH,QAAQI,MAAMW,wBAAwB;QACzFC,cAAcd;MAChB,CAAA;AAEA,aAAO;QAAEM,UAAU,CAAC,CAACL,QAAOc;MAAQ;IACtC;AAEA,QAAIJ,kCAAiBK,uBAAuBhB,IAAAA,GAAO;AAEjD,UAAIF,QAAQI,MAAMe,uBAAuBC,QAAW;AAClD,eAAOC,QAAQC,OAAO,gEAAA;MACxB;AACA,UAAIV,2BAA2BQ,UAAaR,2BAA2B,MAAM;AAC3E,cAAMW,eAAe,MAAMvB,QAAQI,MAAMe,mBAAmB;UAC1DK,UAAUtB;UACVuB,yBAAyBb;QAC3B,CAAA;AACA,eAAO;UAAEJ,UAAU,CAACe,aAAaG;QAAM;MACzC;AACA,YAAMC,MAAM,mEAAmE;IACjF;AAEA,UAAMxB,SAAS,MAAMH,QAAQI,MAAMwB,mBAAmB;MACpDZ,cAAcd;MACdK,qBAAqB;MACrBsB,SAAS,MAAM7B,QAAQI,MAAM0B,qBAAqBpB,MAAAA,GAASqB,KAAKC,MAAM,GAAA,EAAK,CAAA;IAC7E,CAAA;AACA,WAAO;MAAExB,UAAUL,OAAOK;IAAS;EACrC;AAjCeG;AAmCf,SAAOA;AACT;AAxCgBF;AA0ChB,eAAsBwB,gBAAgB/B,MAMrC;AACC,QAAM,EAAEgC,QAAQC,SAASnC,QAAO,IAAKE;AACrC,QAAM,EAAEkC,eAAc,IAAKF;AAC3B,MAAIG,aAAkDnC,KAAKmC;AAC3D,MAAIC,YAAmCpC,KAAKqC;AAE5C,MAAI,CAACF,cAAcF,WAAWA,QAAQK,SAAS;AAC7C,UAAMC,8BAA8B,MAAMzC,QAAQI,MAAMsC,kBAAkB;MACxEC,QAAQ;QACN;UACEC,cAAcT,QAAQK;UACtBK,SAASV,QAAQU;UACjBC,UAAUX,QAAQW;QACpB;;IAEJ,CAAA;AAEA,QAAIL,4BAA4B9C,SAAS,GAAG;AAC1C,YAAMoD,6BAA6BN,4BAA4B,CAAA;AAC/D,UAAI,CAACH,aAAaS,2BAA2BC,aAAa;AACxDV,oBAAYS,2BAA2BC,YAAYV;MACrD;IACF;EACF;AAEA,QAAMW,aAAab,eAAec,uBAAwB,UAAMC,uCAAmBnD,OAAAA;AACnF,QAAMoD,eAAelB,OAAOkB,gBAAgB,IAAIC,2BAAAA;AAEhD,QAAMC,wBAA4C;;;IAGhDC,kCAAkC;MAACC,iCAAYC;MAAOD,iCAAYE;MAAOF,iCAAYG;;IACrFC,wCAAwC;MAACJ,iCAAYC;MAAOD,iCAAYE;MAAOF,iCAAYG;;IAC3FE,wBAAwB;MAACC,kCAAaC;;IACtCC,aAAa;IACbC,oBAAoB;MAClBC,QAAQ;QAAEC,KAAK;UAAC;UAAS;;MAAU;MACnCC,QAAQ;QAAED,KAAK;UAAC;UAAU;;MAAS;IACrC;IACAE,iBAAiB;MAACC,2BAAMC;;IACxBC,uBAAuB;MAACC,iCAAYC;;IACpCC,gCAAgC1B,WAAW2B,IAAI,CAACC,WAAW,OAAOA,MAAAA,EAAQ;IAC1EC,QAAQC,4BAAOC;EACjB;AAEA,QAAMC,WACJ/C,OAAOE,eAAe8C,aAAaD,gBACnCE,qCAAiBnF,SAAS;IACxBoF,oBAAoB;IACpBC,iBAAiB;IACjBC,uBAAuBpD,OAAOE,eAAe8C,aAAaK,gCAAgC;EAC5F,CAAA;AAEF,MAAIC,SAAiCtD,OAAOuD,gBAAgBD;AAC5D,MAAI,CAACtD,OAAOuD,gBAAgBD,UAAU,OAAOtD,OAAOuD,gBAAgBD,WAAW,YAAY;AACzFA,aAASE;EACX;AAEA,QAAMC,UAAUC,wBAAGD,QAAQ;IAAEE,gBAAgBvG,kBAAkB4C,MAAAA;EAAQ,CAAA,EACpE4D,UAAU,UAAUC,oCAAeC,cAAc,EACjDC,iBAAiB/D,OAAOgE,gBAAgBC,kCAAaC,IAAI,EACzDC,iBAAiBvC,kCAAawC,UAAUP,oCAAeC,cAAc,EAErEO,sBACCrE,OAAOxC,qBAAqB;IAACE,sCAAiBC;IAAgCD,sCAAiB4G;IAAY5G,sCAAiB6G;GAAW,EAGxIC,iBAAiBtD,YAAAA,EACjBuD,mBAAmBzE,OAAO0E,kBAAkB,IAAIC,8CAAyBzD,YAAAA,CAAAA,EACzE0D,mBAAmB5E,OAAO6E,sBAAsBzD,uBAAuByC,oCAAeC,cAAc,EACpGgB,sBACC9E,OAAO+E,oBACH/E,OAAO+E,oBACPC,qBACE;IACEjC;IACAkC,YAAY;MACVlH,4BAA4BH,8BAA8BoC,OAAOE,gBAAgBpC,OAAAA;MACjFoH,mBAAmB;IACrB;EACF,GACApH,OAAAA,CAAAA,EAGPqH,2BAA2BC,4CAAuBC,KAAK,EACvDC,6BAA6B/G,oCAAoC2B,eAAe1B,QAAQV,OAAAA,CAAAA;AAE3F,QAAMyH,WAAWrF,eAAeqF;AAChC,MAAIA,gBAAYC,0DAAqCD,QAAAA,GAAW;AAC9D9B,YAAQgC,aAAaF,SAASG,YAAY7B,oCAAeC,cAAc;EACzE,OAAO;AACL,UAAM6B,aAAa,MAAM7H,QAAQI,MAAM0B,qBAAqBM,eAAe1B,MAAM;AACjF,UAAMoH,WAAmB5F,OAAO6E,oBAAoBgB,aAAaF,WAAWG,eAAWC,kDAA6BJ,UAAAA,IAAcA,WAAWK,MAAML,WAAWM;AAC9J,UAAMC,mBAAmBC,eAAeP,QAAAA;AACxCnC,YAAQ2C,aAAaF,kBAAkBrC,oCAAeC,cAAc;EACtE;AAEA,MAAIR,QAAQ;AACVG,YAAQ4C,WAAW/C,MAAAA;EACrB;AASA,MAAIlD,WAAW;AACbqD,YAAQ6C,cAAclG,SAAAA;EACxB;AAEA,MAAIJ,OAAOuG,qBAAqB;AAC9B9C,YAAQ+C,wBAAwBxG,OAAOuG,mBAAmB;EAC5D;AAgBA,QAAME,oBAAoBC,aAAa1G,OAAOE,eAAe1B,QAAQV,OAAAA;AACrE2F,UAAQkD,sBAAsBF,iBAAAA;AAC9B,SAAOhD;AACT;AA3IsB1D;AA6If,SAAS2G,aACdlI,QACAV,SAAyB;AAEzB,SAAO,OAAO8I,WAAsBC,KAAiDhH,QAAAA;AACnF,QAAI,MAAEiH,gDAA2BtI,MAAAA,SAAWuI,gDAA2BvI,MAAAA,IAAU;AAC/E,aAAOW,QAAQC,OAAOK,MAAM,qBAAqBmH,UAAUjE,MAAM,oBAAoB,CAAA;IACvF;AACA,UAAM1E,SAA2B,MAAMH,QAAQI,MAAM8I,6BAA6B;;;MAGhFlB,QAAQ;QAAEJ,YAAYlH,OAAOkH;QAAYuB,WAAWzI,OAAOyI;QAAWC,sBAAsB;MAAM;;;MAGlGC,iBAAiBN,IAAIO;MACrBrI,SAAS8H,IAAI9H;IACf,CAAA;AACA,WAAOd,OAAO4I;EAChB;AACF;AAnBgBH;AAqBhB,SAAS1B,qBACPqC,OAOAvJ,SAAyB;AAEzB,SAAO,OAAOwJ,cAAcT,QAAAA;AAC1B,UAAM5I,SAAS,MAAMH,QAAQI,MAAMqJ,sBAAsB;MAAEC,KAAKX,IAAIY;IAAI,CAAA;AACxEC,YAAQC,IAAI1J,OAAO2J,OAAO;AAC1B,WAAO,CAAC3J,OAAOuB;EACjB;AACF;AAfSwF;AAqBF,SAAS6C,eAAeC,MAAc;AAC3C,UAAQA,MAAAA;IACN,KAAK;AACH,aAAOC,iCAAYC;IACrB,KAAK;AACH,aAAOD,iCAAYE;IACrB,KAAK;AACH,aAAOF,iCAAYG;;IAErB,KAAK;AACH,aAAOH,iCAAYI;IACrB;AACE,YAAMC,MAAM,4BAAA;EAChB;AACF;AAdgBP;AAgBT,SAASQ,eAAeC,UAAgB;AAE7C,MAAIA,SAASC,WAAW,MAAA,GAAS;AAC/B,WAAO,GAAGC,4CAAuBC,wBAAwB,IAAIH,QAAAA;EAC/D;AAEA,SAAOA;AACT;AAPgBD;;;AC7ShB,kBAA6B;AAE7B,IAAAK,sBAIO;AAEA,IAAMC,aAAN,MAAMA;EATb,OASaA;;;EACHC;EACSC;EACAC;EAEjB,YAAmB,EAAEC,QAAQC,QAAO,GAAmD;AACrF,SAAKF,aAAaC;AAClB,SAAKF,cAAcG;EACrB;EAEA,MAAaC,IAAIC,SAAwC;AACvD,QAAI,CAAC,KAAKN,KAAK;AACb,YAAMO,UAAU,MAAMC,gBAAgB;QACpCL,QAAQ,KAAKD;QACbE,SAAS,KAAKH;QACdK;MACF,CAAA;AACA,WAAKN,MAAMO,QAAQE,MAAK;IAC1B;AACA,WAAO,KAAKT;EACd;EAEA,IAAIU,YAAY;AACd,WAAO,KAAKR;EACd;EAEA,IAAIS,aAAa;AACf,WAAO,KAAKV;EACd;EAEOW,gBAAyB;AAC9B,WAAO,KAAKC,iBAAiBC;EAC/B;EAEA,IAAID,eAAmC;AACrC,WAAO,KAAKF,YAAYI;EAC1B;EAEA,MAAaC,0BAA0BV,SAAyE;AAC9G,WAAO,KAAKO,eACR,MAAMP,QAAQW,MAAMC,sBAAsB;MACxCL,cAAc,KAAKA;MACnBM,UAAU,KAAKR,YAAYQ;IAC7B,CAAA,IACAL;EACN;EAEA,MAAaM,8BAA8BC,YAAoCf,SAAyC;AACtH,UAAM,EAAEgB,eAAeP,SAASQ,QAAQC,uBAAuBC,aAAaC,iBAAiBC,SAAQ,IAAKN;AAC1G,UAAMO,QAAQP,WAAWO,aAASC,YAAAA,IAAAA;AAClC,UAAMC,QAAQT,WAAWS,SAASR;AAClC,QAAIS;AACJ,UAAMC,SAAS,KAAKtB,UAAUuB,eAAeD;AAC7C,UAAME,aAAa,UAAMC,mDAA8BH,QAAQ1B,OAAAA;AAC/D,YAAI8B,kDAA6BF,UAAAA,GAAa;AAC5CH,kBAAY;QAAEM,QAAQH,WAAWI;QAAKC,QAAQ;QAAOC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MAAE;IAChG,eAAWC,kDAA6BV,UAAAA,GAAa;AACnD,UAAI,CAACA,WAAWW,QAAQ;AACtB,eAAOC,QAAQC,OAAO,0BAAA;MACxB;AACAhB,kBAAY;QACVc,QAAQX,WAAWW;QACnBG,KAAKd,WAAWc;QAChBT,QAAQ;QACRC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MACzC;IACF,OAAO;AACL,aAAOG,QAAQC,OAAOE,MAAM,qBAAqBf,WAAWK,MAAM,oBAAoB,CAAA;IACxF;AAEA,WAAO,MAAM,KAAKlC,IAAIC,OAAAA,EAAS4C,KAAK,CAACC,OACnCA,GAAG/B,8BAA8B;MAC/BgC,SAASC,kBAAkB,KAAK3C,SAAS;MACzCY;MACAP;MACAa;MACAE;MACAP;MACAC;MACAC;MACAC;MACAK;MACAJ;IACF,CAAA,CAAA;EAEJ;EAEA,MAAa2B,2BACXjC,YACAf,SAC+B;AAC/B,UAAM,EAAEgB,eAAeC,QAAQC,uBAAuBC,aAAaC,gBAAe,IAAKL;AACvF,UAAMO,QAAQP,WAAWO,aAASC,YAAAA,IAAAA;AAClC,UAAMC,QAAQT,WAAWS,SAASR;AAClC,UAAMU,SAAS,KAAKtB,UAAUuB,eAAeD;AAC7C,UAAME,aAAa,UAAMC,mDAA8BH,QAAQ1B,OAAAA;AAE/D,QAAIyB;AACJ,YAAIa,kDAA6BV,UAAAA,KAAeA,WAAWW,QAAQ;AACjEd,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCK,KAAKd,WAAWc;QAChBH,QAAQX,WAAWW;MACrB;IACF,eAAWT,kDAA6BF,UAAAA,GAAa;AACnDH,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCN,QAAQH,WAAWqB;MACrB;IACF,OAAO;AACL,aAAOT,QAAQC,OAAOE,MAAM,qCAAA,CAAA;IAC9B;AAEA,WAAO,MAAM,KAAK5C,IAAIC,OAAAA,EAAS4C,KAAK,CAACC,OACnCA,GAAGG,2BAA2B;MAC5BF,SAASC,kBAAkB,KAAK3C,SAAS;MACzCY;MACAM;MACAE;MACAP;MACAC;MACAE;MACAD;MACAM;IACF,CAAA,CAAA;EAEJ;AACF;;;AFzFO,IAAMyB,WAAN,MAAMA,UAAAA;EApDb,OAoDaA;;;EACMC;EACjB,OAAwBC,oBAAoB;EAC3BC,YAAqC,oBAAIC,IAAAA;EACjDC,SAASA,sBAAOC;EAEhBC,UAAqB;IAC5BC,0BAA0B,KAAKC,8BAA8BC,KAAK,IAAI;IACtEC,+BAA+B,KAAKC,mCAAmCF,KAAK,IAAI;IAChFG,yBAAyB,KAAKC,oBAAoBJ,KAAK,IAAI;IAC3DK,0BAA0B,KAAKC,qBAAqBN,KAAK,IAAI;IAC7DO,4BAA4B,KAAKC,uBAAuBR,KAAK,IAAI;IACjES,qBAAqB,KAAKC,gBAAgBV,KAAK,IAAI;IACnDW,wBAAwB,KAAKA,uBAAuBX,KAAK,IAAI;IAC7DY,uBAAuB,KAAKA,sBAAsBZ,KAAK,IAAI;IAC3Da,oBAAoB,KAAKA,mBAAmBb,KAAK,IAAI;EACvD;EAEA,YAAYT,MAAqB;AAC/B,SAAKA,OAAOA;EACd;EAEOuB,eAAeC,eAA+BC,SAA2B;AAE9E,SAAKzB,KAAK0B,cAAcF;AAExB,QACE,CAAC,KAAKxB,KAAK0B,YAAYC,eAAeC,aAAaC,YACnD,OAAO,KAAK7B,KAAK0B,YAAYC,eAAeC,YAAYC,SAASC,YAAY,YAC7E;AACA,WAAK9B,KAAK0B,YAAYC,eAAeC,cAAc;QACjD,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;QACxCC,cAAUE,sCAAiBN,SAAS;UAAEO,uBAAuB;UAAMC,oBAAoB;UAAMC,iBAAiB;QAAK,CAAA;MACrH;IACF;EACF;EAEA,MAAc1B,8BAA8B2B,YAAoCV,SAA4C;AAC1H,WAAO,MAAM,KAAKW,cAAc;MAAEC,qBAAqBF,WAAWE;MAAqB,GAAIF,WAAWG,uBAAuB,QAAQ;QAAEC,SAASJ,WAAWI;MAAQ;IAAI,GAAGd,OAAAA,EACvKe,KAAK,CAACC,OAAOA,GAAGjC,8BAA8B2B,YAAYV,OAAAA,CAAAA,EAC1De,KAAK,CAACE,QAAQA,IAAIC,UAAU;EACjC;EAEA,MAAchC,mCACZwB,YACAV,SACwC;AACxC,WAAO,MAAM,KAAKW,cAAc;MAAEG,SAASJ,WAAWI;IAAQ,GAAGd,OAAAA,EAC9De,KAAK,CAACC,OAAOA,GAAGG,2BAA2BT,YAAYV,OAAAA,CAAAA,EACvDe,KAAK,OAAOK,YAAAA;AACX,YAAMC,cAA6C;QACjDC,sBAAsBF,QAAQG;QAC9BC,eAAe,MAAMJ,QAAQK,iBAAgB;QAC7CC,sBAAsBN,QAAQI,eAAeG,WAAAA;MAC/C;AACA,aAAON;IACT,CAAA;EACJ;EAEA,MAAcjC,oBAAoBwC,MAAgC5B,SAA2E;AAC3I,WAAO,MAAM,KAAKW,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EAASe,KAAK,CAACC,OACxEA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,CAACC,QACpBA,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAeJ,KAAKK,eAAe,CAAA,CAAA;EAG/F;EAEA,MAAc3C,qBACZsC,MACA5B,SACiE;AACjE,UAAMkC,aAAyB,MAAM,KAAKvB,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA;AACnF,UAAMmC,6BAAqE,MAAMD,WAC9EL,IAAI7B,OAAAA,EACJe,KAAK,CAACC,OAAOA,GAAGc,eAAeM,gCAAgCR,KAAKI,eAAeJ,KAAKK,eAAe,CAAA;AAC1G,QAAIE,+BAA+BE,QAAW;AAC5C,aAAOA;IACT;AAEA,UAAMC,gBAAgBH;AACtB,QAAIG,cAAcC,WAAWC,uDAAiCC,UAAU;AACtE,UAAIC;AACJ,UACEC,mCAAiBC,eAAeN,cAAcO,SAAStB,QAAQuB,QAAQ,MACtE,CAACZ,WAAWa,UAAUC,gBAAgBN,UAAU,OAAOR,WAAWa,UAAUC,gBAAgBN,WAAW,aACxG;AACAA,iBAASO,gBAAAA;MACX;AAEA,YAAMC,UAAUZ,cAAcO,SAAStB,QAAQuB,YAAYK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ;AAC7G,YAAMO,SAAS,CAAA;AACf,iBAAW,CAACC,KAAKC,KAAAA,KAAUC,OAAOC,QAAQP,OAAAA,GAAU;AAClD,cAAMQ,sBAAsBf,mCAAiBgB;UAC3CJ;;UAEAb;QAAAA;AAEFkB,gBAAQC,IAAI,wBAAwBV,KAAKW,UAAUJ,mBAAAA,CAAAA,EAAsB;AAEzE,YAAIK,YAA8B,CAAC;AACnC,cAAMC,uBAAuB,KAAKC,yBAAyBP,mBAAAA;AAC3D,YAAI,0BAA0BM,sBAAsB;AAClD,qBAAWE,cAAcF,qBAAqBG,sBAAsB;AAClE,kBAAMC,KAAKF;AACX,kBAAMG,yBAAyB,MAAMrE,QAAQsE,MAAMC,eAAe;cAChEL;cACAxB;cACA8B,kBAAkBtC,WAAWa,UAAU0B,sBAAsBC;YAC/D,CAAA;AACA,gBAAI,CAACL,uBAAuBM,QAAQ;AAClCrC,4BAAcC,SAASC,uDAAiCoC;AACxDtC,4BAAcuC,QAAQ,IAAIC,MAAMT,uBAAuBQ,KAAK;AAC5D,qBAAOvC;YACT;AAEA,kBAAMyC,oBAAoBX,GAAGW;AAC7B,gBAAI,EAAE,QAAQhB,YAAY;AACxBA,wBAAU,IAAA,IAAQgB,kBAAkBC;YACtC;AAEAxB,mBAAOC,QAAQsB,iBAAAA,EAAmBE,QAAQ,CAAC,CAAC3B,MAAKC,MAAAA,MAAM;AACrD,kBAAI,EAAED,QAAOS,YAAY;AACvBA,0BAAUT,IAAAA,IAAOC;cACnB;YACF,CAAA;AAEAF,mBAAO6B,KAAK;cACVF,IAAI1B;cACJ6B,MAAMf,GAAGe,KAAK,CAAA;cACd9B,QAAQU;YACV,CAAA;UACF;QACF,OAAO;AACLV,iBAAO6B,KAAK;YACVF,IAAI1B;YACJ6B,MAAOzB,oBAAyD0B,eAAeC;YAC/EhC,QAAQW;UACV,CAAA;QACF;MACF;AA0BA1B,oBAAcgD,eAAe;QAC3B,GAAIhD,cAAcO,SAAStB,QAAQuB,YAAY;UAC7CyC,wBAAwB;YACtBzC,UAAU,OAAOR,cAAcO,SAAStB,QAAQuB,aAAa,WACvDK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ,IAClDR,cAAcO,SAAStB,QAAQuB;UACvC;QACF;QACA0C,mBAAmBnC;;MACrB;IAmCF;AACA,WAAOf;EACT;EAEQ2B,2BAA2B,wBACjCP,wBAAAA;AAOA,WAAOf,mCAAiB8C,yBAAyB/B,mBAAAA,IAC7CA,oBAAoB0B,iBACpBzC,mCAAiB+C,sBAAsBhC,mBAAAA;EAC7C,GAXmC;EAanC,MAAclE,uBAAuBoC,MAA+B5B,SAA+D;AACjI,QAAI4B,KAAK+D,UAAU,iCAAiC;AAClD,YAAMb,MAAM,wFAAwF;IACtG;AACA,WAAO,MAAM,KAAKnE,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EAExDe,KAAK,CAACC,OACLA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,OAAOC,QAAAA;AAC1B,YAAMA,IAAG4E,2BAA2B;QAClC5D,eAAeJ,KAAKI;QACpB6C,OAAOjD,KAAKiD,QAAQ,IAAIC,MAAMlD,KAAKiD,KAAK,IAAIxC;MAC9C,CAAA;AACA,aAAQ,MAAMrB,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAe,IAAA;IACrF,CAAA,CAAA;EAEN;EAEA,MAActC,gBAAgBkC,MAAiC5B,SAA6C;AAC1G,WAAO,MAAM,KAAKW,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EACxDe,KAAK,CAACC,OAAOA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,CAACC,QAAOA,IAAGc,eAAe+D,4BAA4BjE,KAAKI,aAAa,CAAA,CAAA,EAC1GjB,KAAK,MAAM,IAAA;EAChB;EAEA,MAAcpB,uBAAuBiC,MAAoC5B,SAAmE;AAC1I,QAAI,CAAC4B,KAAKkE,uBAAuB;AAC/B,YAAMhB,MAAM,2CAAA;IACd;AACA,UAAMiB,eACJ,OAAOnE,KAAKkE,0BAA0B,eACjCE,uCAAgBpE,KAAKkE,qBAAqB,IAC3ClE,KAAKkE;AACX,WAAO,MAAM,KAAKnF,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EAASe,KAAK,CAACC,OACxEA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,CAACC,QACpBA,IAAGiF,4BAA4BF,cAAc;MAC3C/D,eAAeJ,KAAKI;MACpB,GAAIJ,KAAKsE,mBAAmB;QAAEC,WAAWvE,KAAKsE,iBAAiBC;MAAU,IAAI,CAAC;MAC9EC,UAAUxE,KAAKwE;IACjB,CAAA,CAAA,CAAA;EAGN;EAEA,MAAcxG,sBAAsBgC,MAA6B5B,SAA0C;AACzG,UAAM,EAAEqG,SAASC,UAAUC,SAASC,mBAAkB,IAAK5E;AAC3D,UAAM6E,QAAQC,IACZL,QAAQM,IAAI,OAAOC,mBAAAA;AACjB,YAAMC,oBAAoBD,eAAeC;AACzC,UAAI,CAACA,qBAAqB,CAACD,eAAeE,aAAa;AACrD,eAAOL,QAAQM,OAAOjC,MAAM,2DAAA,CAAA;MAC9B;AAEA,UAAIkC;AACJ,UAAIJ,eAAeE,aAAa;AAC9BG,8BAAUC,SAASN,eAAeE,YAAYX,SAAS;AACvDvC,gBAAQC,IAAI,8BAA8B+C,eAAeE,YAAYhG,OAAO,4BAA4B0F,kBAAAA,EAAoB;AAC5HQ,uBAAeJ,eAAeE,YAAYhG;MAC5C;AACA,UAAI+F,mBAAmB;AACrB,cAAM7G,QAAQsE,MAAM6C,sBAAsB;UAAEC,YAAYP;QAAkB,CAAA;AAC1EjD,gBAAQC,IAAI,6BAA6BgD,kBAAkB7B,EAAE,MAAM6B,kBAAkBQ,IAAI,4BAA4Bb,kBAAAA,EAAoB;AACzIQ,uBAAeH,kBAAkB7B;MACnC;AAEA,aAAOhF,QAAQsE,MAAMgD,qBAAqB;QACxCC,gBAAgB;UACdP;UACAV;UACAC;UACAM;UACAC,aAAaF,eAAeE;QAC9B;QACAvI,MAAM;UAAEiI;QAAuC;MACjD,CAAA;IACF,CAAA,CAAA;EAEJ;EAEA,MAAc3G,mBAAmB+B,MAA2B5B,SAAwD;AAClH,UAAMwH,aAAa5F,KAAKd,WAAWxC,UAASE;AAC5C,QAAI,KAAKC,UAAUgJ,IAAID,UAAAA,GAAa;AAClC,YAAMtF,aAAa,KAAKzD,UAAUoD,IAAI2F,UAAAA;AACtC,UAAItF,eAAeG,QAAW;AAC5B,cAAMrB,KAAK,MAAMkB,WAAWL,IAAI7B,OAAAA;AAChC,eAAOgB,GAAG0G,uBAAuB;UAC/BC,gBAAgB/F,KAAKI;UACrBA,eAAeJ,KAAKI;UACpB,GAAIJ,KAAK+D,SAAS;YAAEA,OAAO/D,KAAK+D;UAAM;QACxC,CAAA;MACF;IACF;AACA,WAAOtD;EACT;EAEA,MAAM1B,cAAc,EAAEG,SAASF,oBAAmB,GAAyBZ,SAAgD;AACzH,UAAMwH,aAAa1G,WAAWxC,UAASE;AACvC,QAAI,CAAC,KAAKC,UAAUgJ,IAAID,UAAAA,GAAa;AACnC,YAAMI,eAAe,KAAKC,gBAAgB/G,OAAAA;AAC1C,YAAMgH,SAAS,MAAM,KAAKC,aAAa/H,SAAS;QAAEc;QAASF;MAAyC,CAAA;AACpG,UAAI,CAACkH,OAAO5H,eAAeC,aAAaC,YAAY,OAAO0H,OAAO5H,eAAeC,YAAYC,SAASC,YAAY,YAAY;AAC5H,YAAI,CAACyH,OAAO5H,gBAAgBC,aAAa;AACvC2H,iBAAO5H,iBAAiB;YAAE,GAAG4H,OAAO5H;UAAe;AACnD4H,iBAAO5H,eAAeC,cAAc;YAAE,GAAG2H,OAAO5H,eAAeC;UAAY;QAC7E;AACAyD,gBAAQC,IAAI,iEAAiE/C,OAAAA;AAC7EgH,eAAO5H,eAAeC,YAAYC,eAAWE,sCAAiBN,SAAS;UACrEO,uBAAuB;UACvBE,iBAAiB;UACjBD,oBAAoB;QACtB,CAAA;MACF;AACA,WAAK/B,UAAUuJ,IAAIR,YAAY,IAAIS,WAAW;QAAEH;QAAQI,SAASN;MAAa,CAAA,CAAA;IAChF;AACA,UAAM1F,aAAa,KAAKzD,UAAUoD,IAAI2F,UAAAA;AACtC,QAAI5G,qBAAqB;AACvBsB,iBAAWa,UAAUoF,sBAAsBvH;IAC7C;AACA,WAAOsB;EACT;EAEA,MAAM6F,aAAa/H,SAA2BzB,MAA+E;AAC3H,UAAM,EAAEuC,SAASF,oBAAwC,IAAKrC;AAC9D,UAAM6J,UAAU,KAAKP,gBAAgB/G,OAAAA,GAAUgH,UAAU,KAAKvJ,KAAK0B;AACnE,QAAI,CAACmI,SAAS;AACZ,YAAMtD,MAAM,6DAA6DhE,OAAAA,EAAS;IACpF;AACA,QAAI,KAAKvC,KAAK0B,aAAa;AACzB,UAAI,CAACmI,QAAQlI,gBAAgB;AAC3BkI,gBAAQlI,iBAAiB,KAAK3B,KAAK0B,aAAaC;MAClD,OAAO;AACL,YAAI,CAACkI,QAAQlI,eAAemI,QAAQ;AAClCD,kBAAQlI,eAAemI,SAAS,KAAK9J,KAAK0B,YAAYC,eAAemI;QACvE;AACA,YAAI,CAACD,QAAQlI,eAAeoI,qBAAqB;AAC/CF,kBAAQlI,eAAeoI,sBAAsB,KAAK/J,KAAK0B,YAAYC,eAAeoI;QACpF;AACA,YAAI,CAACF,QAAQG,mBAAmB;AAC9BH,kBAAQG,oBAAoB,KAAKhK,KAAK0B,YAAYsI;QACpD;MACF;AACA,UAAI,CAACH,QAAQlI,eAAeC,eAAe,OAAOiI,QAAQlI,eAAeC,YAAYC,UAAUC,YAAY,YAAY;AACrH+H,gBAAQlI,eAAeC,cAAc;UACnC,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;UACxCC,UACE,KAAK7B,KAAK0B,YAAYC,gBAAgBC,aAAaC,gBACnDE,sCAAiBN,SAAS;YAAES,iBAAiB;YAAMD,oBAAoB;YAAMD,uBAAuB;UAAK,CAAA;QAC7G;MACF;IACF;AACA,QAAIK,wBAAwByB,UAAazB,wBAAwBwH,QAAQD,qBAAqB;AAC5FC,cAAQD,sBAAsBvH;IAChC;AACA,WAAOwH;EACT;EAEAP,gBAAgBb,cAAwD;AACtE,QAAI,CAAC,KAAKzI,KAAKqJ,aAAc,QAAOvF;AAEpC,UAAMmG,cAAcxB,eAAe,KAAKzI,KAAKqJ,aAAaa,KAAK,CAACC,MAAMA,EAAE5H,YAAYkG,YAAAA,IAAgB3E;AAEpG,WAAOmG,eAAe,KAAKG,kBAAkB3B,YAAAA;EAC/C;EAEQ2B,kBAAkB3B,cAAkC;AAC1D,QAAI,CAAC,KAAKzI,KAAKqJ,aAAc,QAAOvF;AAEpC,UAAMuG,iBAAiB,KAAKrK,KAAKqJ,aAAaa,KAAK,CAACC,MAAMA,EAAE5H,YAAY,SAAA;AACxE,QAAI8H,gBAAgB;AAClB,YAAMC,gBAAgB;QAAE,GAAGD;MAAe;AAC1C,UAAI5B,iBAAiB3E,QAAW;AAC9BwG,sBAAc/H,UAAUkG;MAC1B;AACA,aAAO6B;IACT;AAEA,WAAOxG;EACT;AACF;;;AGjaO,IAAKyG,mBAAAA,0BAAAA,mBAAAA;;;;SAAAA;;","names":["import_did_auth_siop","import_ssi_sdk_ext","import_ssi_sdk","import_ssi_types","import_ssi_sdk_ext","getRequestVersion","rpOptions","Array","isArray","supportedVersions","length","SupportedVersion","JWT_VC_PRESENTATION_PROFILE_v1","getWellKnownDIDVerifyCallback","siopIdentifierOpts","context","wellknownDIDVerifyCallback","args","result","agent","cvVerifyCredential","credential","fetchRemoteContexts","verified","getPresentationVerificationCallback","idOpts","presentationVerificationCallback","presentationSubmission","CredentialMapper","isSdJwtEncoded","verifySdJwtPresentation","presentation","payload","isMsoMdocOid4VPEncoded","mdocOid4vpRPVerify","undefined","Promise","reject","verifyResult","vp_token","presentation_submission","error","Error","verifyPresentation","domain","identifierManagedGet","kid","split","createRPBuilder","rpOpts","pexOpts","identifierOpts","definition","dcqlQuery","dcql","queryId","presentationDefinitionItems","pdmGetDefinitions","filter","definitionId","version","tenantId","presentationDefinitionItem","dcqlPayload","didMethods","supportedDIDMethods","getAgentDIDMethods","eventEmitter","EventEmitter","defaultClientMetadata","idTokenSigningAlgValuesSupported","SigningAlgo","EDDSA","ES256","ES256K","requestObjectSigningAlgValuesSupported","responseTypesSupported","ResponseType","ID_TOKEN","client_name","vpFormatsSupported","jwt_vc","alg","jwt_vp","scopesSupported","Scope","OPENID_DIDAUTHN","subjectTypesSupported","SubjectType","PAIRWISE","subject_syntax_types_supported","map","method","passBy","PassBy","VALUE","resolver","resolveOpts","getAgentResolver","resolverResolution","localResolution","uniresolverResolution","noUniversalResolverFallback","hasher","credentialOpts","defaultHasher","builder","RP","requestVersion","withScope","PropertyTarget","REQUEST_OBJECT","withResponseMode","responseMode","ResponseMode","POST","withResponseType","VP_TOKEN","withSupportedVersions","SIOPv2_ID1","SIOPv2_D11","withEventEmitter","withSessionManager","sessionManager","InMemoryRPSessionManager","withClientMetadata","clientMetadataOpts","withVerifyJwtCallback","verifyJwtCallback","getVerifyJwtCallback","verifyOpts","checkLinkedDomain","withRevocationVerification","RevocationVerification","NEVER","withPresentationVerification","oidfOpts","isExternalIdentifierOIDFEntityIdOpts","withEntityId","identifier","resolution","clientId","client_id","issuer","isManagedIdentifierDidResult","did","jwkThumbprint","clientIdPrefixed","prefixClientId","withClientId","withHasher","withDcqlQuery","responseRedirectUri","withResponseRedirectUri","createJwtCallback","signCallback","withCreateJwtCallback","jwtIssuer","jwt","isManagedIdentifierDidOpts","isManagedIdentifierX5cOpts","jwtCreateJwsCompactSignature","kmsKeyRef","noIdentifierInHeader","protectedHeader","header","_opts","_jwtVerifier","jwtVerifyJwsSignature","jws","raw","console","log","message","getSigningAlgo","type","SigningAlgo","EDDSA","ES256K","ES256","RS256","Error","prefixClientId","clientId","startsWith","ClientIdentifierPrefix","DECENTRALIZED_IDENTIFIER","import_ssi_sdk_ext","RPInstance","_rp","_pexOptions","_rpOptions","rpOpts","pexOpts","get","context","builder","createRPBuilder","build","rpOptions","pexOptions","hasDefinition","definitionId","undefined","queryId","getPresentationDefinition","agent","pexStoreGetDefinition","tenantId","createAuthorizationRequestURI","createArgs","correlationId","claims","requestByReferenceURI","responseURI","responseURIType","callback","nonce","uuidv4","state","jwtIssuer","idOpts","identifierOpts","resolution","ensureManagedIdentifierResult","isManagedIdentifierDidResult","didUrl","kid","method","alg","getSigningAlgo","key","type","isManagedIdentifierX5cResult","issuer","Promise","reject","x5c","Error","then","rp","version","getRequestVersion","createAuthorizationRequest","did","SIOPv2RP","opts","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","siopCreateAuthRequestURI","createAuthorizationRequestURI","bind","siopCreateAuthRequestPayloads","createAuthorizationRequestPayloads","siopGetAuthRequestState","siopGetRequestState","siopGetAuthResponseState","siopGetResponseState","siopUpdateAuthRequestState","siopUpdateRequestState","siopDeleteAuthState","siopDeleteState","siopVerifyAuthResponse","siopImportDefinitions","siopGetRedirectURI","setDefaultOpts","rpDefaultOpts","context","defaultOpts","identifierOpts","resolveOpts","resolver","resolve","getAgentResolver","uniresolverResolution","resolverResolution","localResolution","createArgs","getRPInstance","responseRedirectURI","useQueryIdInstance","queryId","then","rp","URI","encodedUri","createAuthorizationRequest","request","authRequest","authorizationRequest","payload","requestObject","requestObjectJwt","requestObjectDecoded","getPayload","args","get","sessionManager","getRequestStateByCorrelationId","correlationId","errorOnNotFound","rpInstance","authorizationResponseState","getResponseStateByCorrelationId","undefined","responseState","status","AuthorizationResponseStateStatus","VERIFIED","hasher","CredentialMapper","isSdJwtEncoded","response","vp_token","rpOptions","credentialOpts","defaultHasher","vpToken","JSON","parse","claims","key","value","Object","entries","presentationDecoded","decodeVerifiablePresentation","console","log","stringify","allClaims","presentationOrClaims","presentationOrClaimsFrom","credential","verifiableCredential","vc","schemaValidationResult","agent","cvVerifySchema","validationPolicy","verificationPolicies","schemaValidation","result","ERROR","error","Error","credentialSubject","id","forEach","push","type","decodedPayload","vct","verifiedData","authorization_response","credential_claims","isSdJwtDecodedCredential","toUniformPresentation","state","signalAuthRequestRetrieved","deleteStateForCorrelationId","authorizationResponse","authResponse","decodeUriAsJson","verifyAuthorizationResponse","dcqlQueryPayload","dcqlQuery","audience","queries","tenantId","version","versionControlMode","Promise","all","map","definitionPair","definitionPayload","dcqlPayload","reject","definitionId","DcqlQuery","validate","pexValidateDefinition","definition","name","pdmPersistDefinition","definitionItem","instanceId","has","getResponseRedirectUri","correlation_id","instanceOpts","getInstanceOpts","rpOpts","getRPOptions","set","RPInstance","pexOpts","responseRedirectUri","options","idOpts","supportedDIDMethods","supportedVersions","instanceOpt","find","i","getDefaultOptions","defaultOptions","clonedOptions","VerifiedDataMode"]}
1
+ {"version":3,"sources":["../src/index.ts","../plugin.schema.json","../src/agent/SIOPv2RP.ts","../src/functions.ts","../src/RPInstance.ts","../src/types/ISIOPv2RP.ts"],"sourcesContent":["/**\n * @public\n */\nimport schema from '../plugin.schema.json'\nexport { schema }\nexport { SIOPv2RP } from './agent/SIOPv2RP'\nexport * from './types/ISIOPv2RP'\n","{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","import {\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseState,\n AuthorizationResponseStateStatus,\n AuthorizationResponseStateWithVerifiedData,\n decodeUriAsJson,\n EncodedDcqlPresentationVpToken,\n VerifiedAuthorizationResponse\n} from '@sphereon/did-auth-siop'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\nimport {\n AdditionalClaims,\n CredentialMapper,\n HasherSync,\n ICredentialSubject,\n IPresentation,\n IVerifiableCredential,\n IVerifiablePresentation,\n JwtDecodedVerifiablePresentation,\n MdocDeviceResponse,\n MdocOid4vpMdocVpToken,\n OriginalVerifiablePresentation,\n SdJwtDecodedVerifiableCredential\n} from '@sphereon/ssi-types'\nimport { IAgentPlugin } from '@veramo/core'\nimport { DcqlPresentation, DcqlQuery } from 'dcql'\nimport {\n IAuthorizationRequestPayloads,\n ICreateAuthRequestArgs,\n IGetAuthRequestStateArgs,\n IGetAuthResponseStateArgs,\n IGetRedirectUriArgs,\n ImportDefinitionsArgs,\n IPEXInstanceOptions,\n IRequiredContext,\n IRPDefaultOpts,\n IRPOptions,\n ISiopRPInstanceArgs,\n ISiopv2RPOpts,\n IUpdateRequestStateArgs,\n IVerifyAuthResponseStateArgs,\n schema\n} from '../index'\nimport { RPInstance } from '../RPInstance'\nimport { ISIOPv2RP } from '../types/ISIOPv2RP'\n\nexport class SIOPv2RP implements IAgentPlugin {\n private readonly opts: ISiopv2RPOpts\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, RPInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: ISIOPv2RP = {\n siopCreateAuthRequestURI: this.createAuthorizationRequestURI.bind(this),\n siopCreateAuthRequestPayloads: this.createAuthorizationRequestPayloads.bind(this),\n siopGetAuthRequestState: this.siopGetRequestState.bind(this),\n siopGetAuthResponseState: this.siopGetResponseState.bind(this),\n siopUpdateAuthRequestState: this.siopUpdateRequestState.bind(this),\n siopDeleteAuthState: this.siopDeleteState.bind(this),\n siopVerifyAuthResponse: this.siopVerifyAuthResponse.bind(this),\n siopImportDefinitions: this.siopImportDefinitions.bind(this),\n siopGetRedirectURI: this.siopGetRedirectURI.bind(this),\n }\n\n constructor(opts: ISiopv2RPOpts) {\n this.opts = opts\n }\n\n public setDefaultOpts(rpDefaultOpts: IRPDefaultOpts, context: IRequiredContext) {\n // We allow setting default options later, because in some cases you might want to query the agent for defaults. This cannot happen when the agent is being build (this is when the constructor is being called)\n this.opts.defaultOpts = rpDefaultOpts\n // We however do require the agent to be responsible for resolution, otherwise people might encounter strange errors, that are very hard to track down\n if (\n !this.opts.defaultOpts.identifierOpts.resolveOpts?.resolver ||\n typeof this.opts.defaultOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function'\n ) {\n this.opts.defaultOpts.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver: getAgentResolver(context, { uniresolverResolution: true, resolverResolution: true, localResolution: true }),\n }\n }\n }\n\n private async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string> {\n return await this.getRPInstance({ responseRedirectURI: createArgs.responseRedirectURI, ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId } ) }, context)\n .then((rp) => rp.createAuthorizationRequestURI(createArgs, context))\n .then((URI) => URI.encodedUri)\n }\n\n private async createAuthorizationRequestPayloads(\n createArgs: ICreateAuthRequestArgs,\n context: IRequiredContext,\n ): Promise<IAuthorizationRequestPayloads> {\n return await this.getRPInstance({ queryId: createArgs.queryId }, context)\n .then((rp) => rp.createAuthorizationRequest(createArgs, context))\n .then(async (request) => {\n const authRequest: IAuthorizationRequestPayloads = {\n authorizationRequest: request.payload,\n requestObject: await request.requestObjectJwt(),\n requestObjectDecoded: request.requestObject?.getPayload(),\n }\n return authRequest\n })\n }\n\n private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {\n return await this.getRPInstance({ queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)\n ),\n )\n }\n\n private async siopGetResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined> {\n const rpInstance: RPInstance = await this.getRPInstance({ queryId: args.queryId }, context)\n const authorizationResponseState: AuthorizationResponseState | undefined = await rpInstance\n .get(context)\n .then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound))\n if (authorizationResponseState === undefined) {\n return undefined\n }\n\n const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData\n if (responseState.status === AuthorizationResponseStateStatus.VERIFIED) {\n let hasher: HasherSync | undefined\n if (\n CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&\n (!rpInstance.rpOptions.credentialOpts?.hasher || typeof rpInstance.rpOptions.credentialOpts?.hasher !== 'function')\n ) {\n hasher = defaultHasher\n }\n\n\n const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)\n const xx = DcqlPresentation.parse(vpToken)\n console.log(`IS DCQL PRESENTATION: ${JSON.stringify(xx)}`)\n const claims = []\n for (const [key, value] of Object.entries(vpToken)) {\n // todo this should also include mdl-mdoc\n const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(\n value as OriginalVerifiablePresentation,\n //todo: later we want to conditionally pass in options for mdl-mdoc here\n hasher,\n )\n console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)\n\n const allClaims: AdditionalClaims = {}\n const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded)\n if ('verifiableCredential' in presentationOrClaims) {\n for (const credential of presentationOrClaims.verifiableCredential) {\n const vc = credential as IVerifiableCredential\n const schemaValidationResult = await context.agent.cvVerifySchema({\n credential,\n hasher,\n validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,\n })\n if (!schemaValidationResult.result) {\n responseState.status = AuthorizationResponseStateStatus.ERROR\n responseState.error = new Error(schemaValidationResult.error)\n return responseState\n }\n\n const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims\n if (!('id' in allClaims)) {\n allClaims['id'] = credentialSubject.id\n }\n\n Object.entries(credentialSubject).forEach(([key, value]) => {\n if (!(key in allClaims)) {\n allClaims[key] = value\n }\n })\n\n claims.push({\n id: key,\n type: vc.type[0],\n claims: allClaims\n })\n }\n } else {\n claims.push({\n id: key,\n type: (presentationDecoded as SdJwtDecodedVerifiableCredential).decodedPayload.vct,\n claims: presentationOrClaims\n })\n }\n }\n\n responseState.verifiedData = {\n ...(responseState.response.payload.vp_token && {\n authorization_response: {\n vp_token: typeof responseState.response.payload.vp_token === 'string'\n ? JSON.parse(responseState.response.payload.vp_token)\n : responseState.response.payload.vp_token\n }\n }),\n ...(claims.length > 0 && { credential_claims: claims })\n }\n }\n\n return responseState\n }\n\n private presentationOrClaimsFrom = (\n presentationDecoded:\n | JwtDecodedVerifiablePresentation\n | IVerifiablePresentation\n | SdJwtDecodedVerifiableCredential\n | MdocOid4vpMdocVpToken\n | MdocDeviceResponse\n ): AdditionalClaims | IPresentation => {\n return CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)\n ? presentationDecoded.decodedPayload\n : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)\n }\n\n private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {\n if (args.state !== 'authorization_request_created') {\n throw Error(`Only 'authorization_request_created' status is supported for this method at this point`)\n }\n return await this.getRPInstance({ queryId: args.queryId }, context)\n // todo: In the SIOP library we need to update the signal method to be more like this method\n .then((rp) =>\n rp.get(context).then(async (rp) => {\n await rp.signalAuthRequestRetrieved({\n correlationId: args.correlationId,\n error: args.error ? new Error(args.error) : undefined,\n })\n return (await rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, true)) as AuthorizationRequestState\n }),\n )\n }\n\n private async siopDeleteState(args: IGetAuthResponseStateArgs, context: IRequiredContext): Promise<boolean> {\n return await this.getRPInstance({ queryId: args.queryId }, context)\n .then((rp) => rp.get(context).then((rp) => rp.sessionManager.deleteStateForCorrelationId(args.correlationId)))\n .then(() => true)\n }\n\n private async siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse> {\n if (!args.authorizationResponse) {\n throw Error('No SIOPv2 Authorization Response received')\n }\n const authResponse =\n typeof args.authorizationResponse === 'string'\n ? (decodeUriAsJson(args.authorizationResponse) as AuthorizationResponsePayload)\n : args.authorizationResponse\n return await this.getRPInstance({ queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.verifyAuthorizationResponse(authResponse, {\n correlationId: args.correlationId,\n ...(args.dcqlQueryPayload ? { dcqlQuery: args.dcqlQueryPayload.dcqlQuery } : {}),\n audience: args.audience,\n }),\n ),\n )\n }\n\n private async siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void> {\n const { queries, tenantId, version, versionControlMode } = args\n await Promise.all(\n queries.map(async (definitionPair) => {\n const definitionPayload = definitionPair.definitionPayload\n if (!definitionPayload && !definitionPair.dcqlPayload) {\n return Promise.reject(Error('Either dcqlPayload or definitionPayload must be suppplied'))\n }\n\n let definitionId: string\n if (definitionPair.dcqlPayload) {\n DcqlQuery.validate(definitionPair.dcqlPayload.dcqlQuery)\n console.log(`persisting DCQL definition ${definitionPair.dcqlPayload.queryId} with versionControlMode ${versionControlMode}`)\n definitionId = definitionPair.dcqlPayload.queryId\n }\n if (definitionPayload) {\n await context.agent.pexValidateDefinition({ definition: definitionPayload })\n console.log(`persisting PEX definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`)\n definitionId = definitionPayload.id\n }\n\n return context.agent.pdmPersistDefinition({\n definitionItem: {\n definitionId: definitionId!,\n tenantId: tenantId,\n version: version,\n definitionPayload,\n dcqlPayload: definitionPair.dcqlPayload,\n },\n opts: { versionControlMode: versionControlMode },\n })\n }),\n )\n }\n\n private async siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined> {\n const instanceId = args.queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (this.instances.has(instanceId)) {\n const rpInstance = this.instances.get(instanceId)\n if (rpInstance !== undefined) {\n const rp = await rpInstance.get(context)\n return rp.getResponseRedirectUri({\n correlation_id: args.correlationId,\n correlationId: args.correlationId,\n ...(args.state && { state: args.state }),\n })\n }\n }\n return undefined\n }\n\n async getRPInstance({ queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {\n const instanceId = queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (!this.instances.has(instanceId)) {\n const instanceOpts = this.getInstanceOpts(queryId)\n const rpOpts = await this.getRPOptions(context, { queryId, responseRedirectURI: responseRedirectURI })\n if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function') {\n if (!rpOpts.identifierOpts?.resolveOpts) {\n rpOpts.identifierOpts = { ...rpOpts.identifierOpts }\n rpOpts.identifierOpts.resolveOpts = { ...rpOpts.identifierOpts.resolveOpts }\n }\n console.log('Using agent DID resolver for RP instance with definition id ' + queryId)\n rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver(context, {\n uniresolverResolution: true,\n localResolution: true,\n resolverResolution: true,\n })\n }\n this.instances.set(instanceId, new RPInstance({ rpOpts, pexOpts: instanceOpts }))\n }\n const rpInstance = this.instances.get(instanceId)!\n if (responseRedirectURI) {\n rpInstance.rpOptions.responseRedirectUri = responseRedirectURI\n }\n return rpInstance\n }\n\n async getRPOptions(context: IRequiredContext, opts: { queryId?: string; responseRedirectURI?: string }): Promise<IRPOptions> {\n const { queryId, responseRedirectURI: responseRedirectURI } = opts\n const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${queryId}`)\n }\n if (this.opts.defaultOpts) {\n if (!options.identifierOpts) {\n options.identifierOpts = this.opts.defaultOpts?.identifierOpts\n } else {\n if (!options.identifierOpts.idOpts) {\n options.identifierOpts.idOpts = this.opts.defaultOpts.identifierOpts.idOpts\n }\n if (!options.identifierOpts.supportedDIDMethods) {\n options.identifierOpts.supportedDIDMethods = this.opts.defaultOpts.identifierOpts.supportedDIDMethods\n }\n if (!options.supportedVersions) {\n options.supportedVersions = this.opts.defaultOpts.supportedVersions\n }\n }\n if (!options.identifierOpts.resolveOpts || typeof options.identifierOpts.resolveOpts.resolver?.resolve !== 'function') {\n options.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver:\n this.opts.defaultOpts.identifierOpts?.resolveOpts?.resolver ??\n getAgentResolver(context, { localResolution: true, resolverResolution: true, uniresolverResolution: true }),\n }\n }\n }\n if (responseRedirectURI !== undefined && responseRedirectURI !== options.responseRedirectUri) {\n options.responseRedirectUri = responseRedirectURI\n }\n return options\n }\n\n getInstanceOpts(definitionId?: string): IPEXInstanceOptions | undefined {\n if (!this.opts.instanceOpts) return undefined\n\n const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.queryId === definitionId) : undefined\n\n return instanceOpt ?? this.getDefaultOptions(definitionId)\n }\n\n private getDefaultOptions(definitionId: string | undefined) {\n if (!this.opts.instanceOpts) return undefined\n\n const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === 'default')\n if (defaultOptions) {\n const clonedOptions = { ...defaultOptions }\n if (definitionId !== undefined) {\n clonedOptions.queryId = definitionId\n }\n return clonedOptions\n }\n\n return undefined\n }\n}\n","import {\n ClientIdentifierPrefix,\n ClientMetadataOpts,\n InMemoryRPSessionManager,\n PassBy,\n PresentationVerificationCallback,\n PresentationVerificationResult,\n PropertyTarget,\n ResponseMode,\n ResponseType,\n RevocationVerification,\n RP,\n RPBuilder,\n Scope,\n SubjectType,\n SupportedVersion,\n VerifyJwtCallback\n} from '@sphereon/did-auth-siop'\nimport { CreateJwtCallback, JwtHeader, JwtIssuer, JwtPayload, SigningAlgo } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { getAgentDIDMethods, getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n isExternalIdentifierOIDFEntityIdOpts,\n isManagedIdentifierDidOpts,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cOpts,\n ManagedIdentifierOptsOrResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { JwtCompactResult } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { IVerifySdJwtPresentationResult } from '@sphereon/ssi-sdk.sd-jwt'\nimport {\n CredentialMapper,\n HasherSync,\n OriginalVerifiableCredential,\n PresentationSubmission\n} from '@sphereon/ssi-types'\nimport { IVerifyCallbackArgs, IVerifyCredentialResult, VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { TKeyType } from '@veramo/core'\nimport { JWTVerifyOptions } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\nimport { IPEXOptions, IRequiredContext, IRPOptions, ISIOPIdentifierOptions } from './types/ISIOPv2RP'\nimport { DcqlQuery } from 'dcql'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport function getRequestVersion(rpOptions: IRPOptions): SupportedVersion {\n if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {\n return rpOptions.supportedVersions[0]\n }\n return SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1\n}\n\nfunction getWellKnownDIDVerifyCallback(siopIdentifierOpts: ISIOPIdentifierOptions, context: IRequiredContext) {\n return siopIdentifierOpts.wellknownDIDVerifyCallback\n ? siopIdentifierOpts.wellknownDIDVerifyCallback\n : async (args: IVerifyCallbackArgs): Promise<IVerifyCredentialResult> => {\n const result = await context.agent.cvVerifyCredential({\n credential: args.credential as OriginalVerifiableCredential,\n fetchRemoteContexts: true,\n })\n return { verified: result.result }\n }\n}\n\nexport function getPresentationVerificationCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): PresentationVerificationCallback {\n async function presentationVerificationCallback(\n args: any, // FIXME any\n presentationSubmission?: PresentationSubmission,\n ): Promise<PresentationVerificationResult> {\n if (CredentialMapper.isSdJwtEncoded(args)) {\n const result: IVerifySdJwtPresentationResult = await context.agent.verifySdJwtPresentation({\n presentation: args\n })\n // fixme: investigate the correct way to handle this\n return { verified: !!result.payload }\n }\n\n if (CredentialMapper.isMsoMdocOid4VPEncoded(args)) {\n // TODO Funke reevaluate\n if (context.agent.mdocOid4vpRPVerify === undefined) {\n return Promise.reject('ImDLMdoc agent plugin must be enabled to support MsoMdoc types')\n }\n if (presentationSubmission !== undefined && presentationSubmission !== null) {\n const verifyResult = await context.agent.mdocOid4vpRPVerify({\n vp_token: args,\n presentation_submission: presentationSubmission,\n })\n return { verified: !verifyResult.error }\n }\n throw Error(`mdocOid4vpRPVerify(...) method requires a presentation submission`)\n }\n\n const result = await context.agent.verifyPresentation({\n presentation: args,\n fetchRemoteContexts: true,\n domain: (await context.agent.identifierManagedGet(idOpts)).kid?.split('#')[0],\n })\n return { verified: result.verified }\n }\n\n return presentationVerificationCallback\n}\n\nexport async function createRPBuilder(args: {\n rpOpts: IRPOptions\n pexOpts?: IPEXOptions | undefined\n definition?: IPresentationDefinition\n dcql?: DcqlQuery\n context: IRequiredContext\n}): Promise<RPBuilder> {\n const { rpOpts, pexOpts, context } = args\n const { identifierOpts } = rpOpts\n let definition: IPresentationDefinition | undefined = args.definition\n let dcqlQuery: DcqlQuery | undefined = args.dcql\n\n if (!definition && pexOpts && pexOpts.queryId) {\n const presentationDefinitionItems = await context.agent.pdmGetDefinitions({\n filter: [\n {\n definitionId: pexOpts.queryId,\n version: pexOpts.version,\n tenantId: pexOpts.tenantId,\n },\n ],\n })\n\n if (presentationDefinitionItems.length > 0) {\n const presentationDefinitionItem = presentationDefinitionItems[0]\n if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {\n dcqlQuery = presentationDefinitionItem.dcqlPayload.dcqlQuery as DcqlQuery // cast from DcqlQueryREST back to valibot DcqlQuery\n }\n }\n }\n\n const didMethods = identifierOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter()\n\n const defaultClientMetadata: ClientMetadataOpts = {\n // FIXME: All of the below should be configurable. Some should come from builder, some should be determined by the agent.\n // For now it is either preconfigured or everything passed in as a single object\n idTokenSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n requestObjectSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n responseTypesSupported: [ResponseType.ID_TOKEN], // added newly\n client_name: 'Sphereon',\n vpFormatsSupported: {\n jwt_vc: { alg: ['EdDSA', 'ES256K'] },\n jwt_vp: { alg: ['ES256K', 'EdDSA'] },\n },\n scopesSupported: [Scope.OPENID_DIDAUTHN],\n subjectTypesSupported: [SubjectType.PAIRWISE],\n subject_syntax_types_supported: didMethods.map((method) => `did:${method}`),\n passBy: PassBy.VALUE,\n }\n\n const resolver =\n rpOpts.identifierOpts.resolveOpts?.resolver ??\n getAgentResolver(context, {\n resolverResolution: true,\n localResolution: true,\n uniresolverResolution: rpOpts.identifierOpts.resolveOpts?.noUniversalResolverFallback !== true,\n })\n //todo: probably wise to first look and see if we actually need the hasher to begin with\n let hasher: HasherSync | undefined = rpOpts.credentialOpts?.hasher\n if (!rpOpts.credentialOpts?.hasher || typeof rpOpts.credentialOpts?.hasher !== 'function') {\n hasher = defaultHasher\n }\n\n const builder = RP.builder({ requestVersion: getRequestVersion(rpOpts) })\n .withScope('openid', PropertyTarget.REQUEST_OBJECT)\n .withResponseMode(rpOpts.responseMode ?? ResponseMode.POST)\n .withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT)\n // todo: move to options fill/correct method\n .withSupportedVersions(\n rpOpts.supportedVersions ?? [SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1, SupportedVersion.SIOPv2_ID1, SupportedVersion.SIOPv2_D11],\n )\n\n .withEventEmitter(eventEmitter)\n .withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter))\n .withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT)\n .withVerifyJwtCallback(\n rpOpts.verifyJwtCallback\n ? rpOpts.verifyJwtCallback\n : getVerifyJwtCallback(\n {\n resolver,\n verifyOpts: {\n wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),\n checkLinkedDomain: 'if_present',\n },\n },\n context,\n ),\n )\n .withRevocationVerification(RevocationVerification.NEVER)\n .withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context))\n\n const oidfOpts = identifierOpts.oidfOpts\n if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {\n builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT)\n } else {\n const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts)\n const clientId: string = rpOpts.clientMetadataOpts?.client_id ?? resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint)\n const clientIdPrefixed = prefixClientId(clientId)\n builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT)\n }\n\n if (hasher) {\n builder.withHasher(hasher)\n }\n //fixme: this has been removed in the new version of did-auth-siop\n /*if (!rpOpts.clientMetadataOpts?.subjectTypesSupported) {\n // Do not update in case it is already provided via client metadata opts\n didMethods.forEach((method) => builder.addDidMethod(method))\n }*/\n //fixme: this has been removed in the new version of did-auth-siop\n // builder.withWellknownDIDVerifyCallback(getWellKnownDIDVerifyCallback(didOpts, context))\n\n if (dcqlQuery) {\n builder.withDcqlQuery(dcqlQuery)\n }\n\n if (rpOpts.responseRedirectUri) {\n builder.withResponseRedirectUri(rpOpts.responseRedirectUri)\n }\n\n //const key = resolution.key\n //fixme: this has been removed in the new version of did-auth-siop\n //builder.withSuppliedSignature(SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo), did, kid, getSigningAlgo(key.type))\n\n /*if (isManagedIdentifierDidResult(resolution)) {\n //fixme: only accepts dids in version used. New SIOP lib also accepts other types\n builder.withSuppliedSignature(\n SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo),\n resolution.did,\n resolution.kid,\n getSigningAlgo(key.type),\n )\n }*/\n //fixme: signcallback and it's return type are not totally compatible with our CreateJwtCallbackBase\n const createJwtCallback = signCallback(rpOpts.identifierOpts.idOpts, context)\n builder.withCreateJwtCallback(createJwtCallback satisfies CreateJwtCallback<any>)\n return builder\n}\n\nexport function signCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => Promise<string> {\n return async (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => {\n if (!(isManagedIdentifierDidOpts(idOpts) || isManagedIdentifierX5cOpts(idOpts))) {\n return Promise.reject(Error(`JWT issuer method ${jwtIssuer.method} not yet supported`))\n }\n const result: JwtCompactResult = await context.agent.jwtCreateJwsCompactSignature({\n // FIXME fix cose-key inference\n // @ts-ignore\n issuer: { identifier: idOpts.identifier, kmsKeyRef: idOpts.kmsKeyRef, noIdentifierInHeader: false },\n // FIXME fix JWK key_ops\n // @ts-ignore\n protectedHeader: jwt.header,\n payload: jwt.payload,\n })\n return result.jwt\n }\n}\n\nfunction getVerifyJwtCallback(\n _opts: {\n resolver?: Resolvable\n verifyOpts?: JWTVerifyOptions & {\n checkLinkedDomain: 'never' | 'if_present' | 'always'\n wellknownDIDVerifyCallback?: VerifyCallback\n }\n },\n context: IRequiredContext,\n): VerifyJwtCallback {\n return async (_jwtVerifier, jwt) => {\n const result = await context.agent.jwtVerifyJwsSignature({ jws: jwt.raw })\n console.log(result.message)\n return !result.error\n }\n}\n\nexport async function createRP({ rpOptions, context }: { rpOptions: IRPOptions; context: IRequiredContext }): Promise<RP> {\n return (await createRPBuilder({ rpOpts: rpOptions, context })).build()\n}\n\nexport function getSigningAlgo(type: TKeyType): SigningAlgo {\n switch (type) {\n case 'Ed25519':\n return SigningAlgo.EDDSA\n case 'Secp256k1':\n return SigningAlgo.ES256K\n case 'Secp256r1':\n return SigningAlgo.ES256\n // @ts-ignore\n case 'RSA':\n return SigningAlgo.RS256\n default:\n throw Error('Key type not yet supported')\n }\n}\n\nexport function prefixClientId(clientId: string): string {\n // FIXME SSISDK-60\n if (clientId.startsWith('did:')) {\n return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`;\n }\n\n return clientId;\n}\n","import { AuthorizationRequest, RP, URI } from '@sphereon/did-auth-siop'\nimport { ICreateAuthRequestArgs, IPEXOptions, IRequiredContext, IRPOptions } from './types/ISIOPv2RP'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { createRPBuilder, getRequestVersion, getSigningAlgo } from './functions'\nimport { v4 as uuidv4 } from 'uuid'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport {\n ensureManagedIdentifierResult,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\n\nexport class RPInstance {\n private _rp: RP | undefined\n private readonly _pexOptions: IPEXOptions | undefined\n private readonly _rpOptions: IRPOptions\n\n public constructor({ rpOpts, pexOpts }: { rpOpts: IRPOptions; pexOpts?: IPEXOptions }) {\n this._rpOptions = rpOpts\n this._pexOptions = pexOpts\n }\n\n public async get(context: IRequiredContext): Promise<RP> {\n if (!this._rp) {\n const builder = await createRPBuilder({\n rpOpts: this._rpOptions,\n pexOpts: this._pexOptions,\n context,\n })\n this._rp = builder.build()\n }\n return this._rp!\n }\n\n get rpOptions() {\n return this._rpOptions\n }\n\n get pexOptions() {\n return this._pexOptions\n }\n\n public hasDefinition(): boolean {\n return this.definitionId !== undefined\n }\n\n get definitionId(): string | undefined {\n return this.pexOptions?.queryId\n }\n\n public async getPresentationDefinition(context: IRequiredContext): Promise<IPresentationDefinition | undefined> {\n return this.definitionId\n ? await context.agent.pexStoreGetDefinition({\n definitionId: this.definitionId,\n tenantId: this.pexOptions?.tenantId,\n })\n : undefined\n }\n\n public async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<URI> {\n const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n let jwtIssuer: JwtIssuer\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = { didUrl: resolution.kid, method: 'did', alg: getSigningAlgo(resolution.key.type) }\n } else if (isManagedIdentifierX5cResult(resolution)) {\n if (!resolution.issuer) {\n return Promise.reject('missing issuer in idOpts')\n }\n jwtIssuer = {\n issuer: resolution.issuer,\n x5c: resolution.x5c,\n method: 'x5c',\n alg: getSigningAlgo(resolution.key.type),\n }\n } else {\n return Promise.reject(Error(`JWT issuer method ${resolution.method} not yet supported`))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequestURI({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n queryId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURI,\n responseURIType,\n jwtIssuer,\n callback\n }),\n )\n }\n\n public async createAuthorizationRequest(\n createArgs: Omit<ICreateAuthRequestArgs, 'queryId'>,\n context: IRequiredContext,\n ): Promise<AuthorizationRequest> {\n const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n\n let jwtIssuer: JwtIssuer\n if (isManagedIdentifierX5cResult(resolution) && resolution.issuer) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n x5c: resolution.x5c,\n issuer: resolution.issuer,\n }\n } else if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n didUrl: resolution.did,\n }\n } else {\n return Promise.reject(Error('Only did & x5c supported at present'))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequest({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURIType,\n responseURI,\n jwtIssuer,\n }),\n )\n }\n}\n","import {\n AuthorizationRequestPayload,\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseStateWithVerifiedData,\n CallbackOpts,\n ClaimPayloadCommonOpts,\n ClientMetadataOpts,\n IRPSessionManager,\n PresentationVerificationCallback,\n RequestObjectPayload,\n ResponseMode,\n ResponseURIType,\n SupportedVersion,\n VerifiedAuthorizationResponse,\n VerifyJwtCallback,\n} from '@sphereon/did-auth-siop'\nimport { CheckLinkedDomain } from '@sphereon/did-auth-siop-adapter'\nimport { DIDDocument } from '@sphereon/did-uni-client'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { ExternalIdentifierOIDFEntityIdOpts, IIdentifierResolution, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { ICredentialValidation, SchemaValidation } from '@sphereon/ssi-sdk.credential-validation'\nimport { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc'\nimport { IPDManager, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager'\nimport { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'\nimport { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt'\nimport { AuthorizationRequestStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { DcqlQueryPayload, HasherSync } from '@sphereon/ssi-types'\nimport { VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { IAgentContext, ICredentialVerifier, IDIDManager, IKeyManager, IPluginMethodMap, IResolver } from '@veramo/core'\n\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\n\nexport enum VerifiedDataMode {\n NONE = 'none',\n VERIFIED_PRESENTATION = 'vp',\n CREDENTIAL_SUBJECT_FLATTENED = 'cs-flat',\n}\n\nexport interface ISIOPv2RP extends IPluginMethodMap {\n siopCreateAuthRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string>\n siopCreateAuthRequestPayloads(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<IAuthorizationRequestPayloads>\n siopGetAuthRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined>\n siopGetAuthResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined>\n siopUpdateAuthRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState>\n siopDeleteAuthState(args: IDeleteAuthStateArgs, context: IRequiredContext): Promise<boolean>\n siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse>\n siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void>\n siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined>\n}\n\nexport interface ISiopv2RPOpts {\n defaultOpts?: IRPDefaultOpts\n instanceOpts?: IPEXInstanceOptions[]\n}\n\nexport interface IRPDefaultOpts extends IRPOptions {}\n\nexport interface ICreateAuthRequestArgs {\n queryId: string\n correlationId: string\n useQueryIdInstance?: boolean\n responseURIType: ResponseURIType\n responseURI: string\n responseRedirectURI?: string\n jwtIssuer?: JwtIssuer\n requestByReferenceURI?: string\n nonce?: string\n state?: string\n claims?: ClaimPayloadCommonOpts\n callback?: CallbackOpts\n}\n\nexport interface IGetAuthRequestStateArgs {\n correlationId: string\n queryId?: string\n errorOnNotFound?: boolean\n}\n\nexport interface IGetAuthResponseStateArgs {\n correlationId: string\n queryId?: string\n errorOnNotFound?: boolean\n progressRequestStateTo?: AuthorizationRequestStateStatus\n //includeVerifiedData?: VerifiedDataMode\n}\n\nexport interface IUpdateRequestStateArgs {\n queryId?: string\n correlationId: string\n state: AuthorizationRequestStateStatus\n error?: string\n}\n\nexport interface IDeleteAuthStateArgs {\n correlationId: string\n queryId?: string\n}\n\nexport interface IVerifyAuthResponseStateArgs {\n authorizationResponse: string | AuthorizationResponsePayload\n queryId?: string\n correlationId: string\n audience?: string\n dcqlQueryPayload?: DcqlQueryPayload\n}\n\nexport interface IDefinitionPair {\n definitionPayload?: IPresentationDefinition\n dcqlPayload?: DcqlQueryPayload\n}\n\nexport interface ImportDefinitionsArgs {\n queries: Array<IDefinitionPair>\n tenantId?: string\n version?: string\n versionControlMode?: VersionControlMode\n}\n\nexport interface IGetRedirectUriArgs {\n correlationId: string\n queryId?: string\n state?: string\n}\n\nexport interface IAuthorizationRequestPayloads {\n authorizationRequest: AuthorizationRequestPayload\n requestObject?: string\n requestObjectDecoded?: RequestObjectPayload\n}\n\nexport interface IPEXDefinitionPersistArgs extends IPEXInstanceOptions {\n definition: IPresentationDefinition\n ttl?: number\n}\n\nexport interface ISiopRPInstanceArgs {\n queryId?: string\n responseRedirectURI?: string\n}\n\nexport interface IPEXInstanceOptions extends IPEXOptions {\n rpOpts?: IRPOptions\n}\n\nexport interface IRPOptions {\n responseMode?: ResponseMode\n supportedVersions?: SupportedVersion[] // The supported version by the RP. The first version will be the default version\n sessionManager?: IRPSessionManager\n clientMetadataOpts?: ClientMetadataOpts\n expiresIn?: number\n eventEmitter?: EventEmitter\n credentialOpts?: CredentialOpts\n verificationPolicies?: VerificationPolicies\n identifierOpts: ISIOPIdentifierOptions\n verifyJwtCallback?: VerifyJwtCallback\n responseRedirectUri?: string\n}\n\nexport interface IPEXOptions {\n presentationVerifyCallback?: PresentationVerificationCallback\n // definition?: IPresentationDefinition\n queryId: string\n version?: string\n tenantId?: string\n}\n\nexport type VerificationPolicies = {\n schemaValidation: SchemaValidation\n}\n\nexport interface PerDidResolver {\n didMethod: string\n resolver: Resolvable\n}\n\nexport interface IAuthRequestDetails {\n rpDIDDocument?: DIDDocument\n id: string\n alsoKnownAs?: string[]\n}\n\nexport interface ISIOPIdentifierOptions extends Omit<IDIDOptions, 'idOpts'> {\n // we replace the legacy idOpts with the Managed Identifier opts from the identifier resolution module\n idOpts: ManagedIdentifierOptsOrResult\n oidfOpts?: ExternalIdentifierOIDFEntityIdOpts\n checkLinkedDomains?: CheckLinkedDomain\n wellknownDIDVerifyCallback?: VerifyCallback\n}\n\n// todo make the necessary changes for mdl-mdoc types\nexport type CredentialOpts = {\n hasher?: HasherSync\n}\n\nexport type IRequiredContext = IAgentContext<\n IResolver &\n IDIDManager &\n IKeyManager &\n IIdentifierResolution &\n ICredentialValidation &\n ICredentialVerifier &\n IPresentationExchange &\n IPDManager &\n ISDJwtPlugin &\n IJwtService &\n ImDLMdoc\n>\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;ACAA;AAAA,EACE,6BAA+B;AAAA,IAC7B,YAAc;AAAA,MACZ,SAAW;AAAA,QACT,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,0BAA4B;AAAA,UAC1B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,iBAAmB;AAAA,kBACjB,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,cACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,YACpD;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,YAAY;AAAA,UACzB,aAAe;AAAA,QACjB;AAAA,QACA,wBAA0B;AAAA,UACxB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,2BAA6B;AAAA,UAC3B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,WAAa;AAAA,UACX,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,QAAU;AAAA,cACR,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,QAAQ;AAAA,UACrB,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,gCAAkC;AAAA,UAChC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,KAAO;AAAA,cACL,MAAQ;AAAA,YACV;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,UACpD,aAAe;AAAA,QACjB;AAAA,QACA,0CAA4C;AAAA,UAC1C,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,QACA,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,IAAM;AAAA,cACJ,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,OAAS;AAAA,gBACP,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,UACnC,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,UAC1D,aAAe;AAAA,QACjB;AAAA,QACA,8BAAgC;AAAA,UAC9B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,yBAA2B;AAAA,cACzB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW,YAAY;AAAA,UACpC,aAAe;AAAA,QACjB;AAAA,QACA,qCAAuC;AAAA,UACrC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,MACF;AAAA,MACA,SAAW;AAAA,QACT,mBAAqB;AAAA,UACnB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,wBAA0B;AAAA,UACxB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,qCAAuC;AAAA,UACrC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,gCAAkC;AAAA,UAChC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACxUA,IAAAA,wBASO;AACP,IAAAC,sBAAiC;AACjC,IAAAC,kBAA2C;AAC3C,IAAAC,oBAaO;AAEP,kBAA4C;;;AC3B5C,2BAiBO;AACP,2BAAiF;AAEjF,yBAAqD;AACrD,IAAAC,sBAMO;AAGP,uBAKO;AAKP,oBAA6B;AAG7B,qBAA8B;AAEvB,SAASC,kBAAkBC,WAAqB;AACrD,MAAIC,MAAMC,QAAQF,UAAUG,iBAAiB,KAAKH,UAAUG,kBAAkBC,SAAS,GAAG;AACxF,WAAOJ,UAAUG,kBAAkB,CAAA;EACrC;AACA,SAAOE,sCAAiBC;AAC1B;AALgBP;AAOhB,SAASQ,8BAA8BC,oBAA4CC,SAAyB;AAC1G,SAAOD,mBAAmBE,6BACtBF,mBAAmBE,6BACnB,OAAOC,SAAAA;AACL,UAAMC,SAAS,MAAMH,QAAQI,MAAMC,mBAAmB;MACpDC,YAAYJ,KAAKI;MACjBC,qBAAqB;IACvB,CAAA;AACA,WAAO;MAAEC,UAAUL,OAAOA;IAAO;EACnC;AACN;AAVSL;AAYF,SAASW,oCACdC,QACAV,SAAyB;AAEzB,iBAAeW,iCACbT,MACAU,wBAA+C;AAE/C,QAAIC,kCAAiBC,eAAeZ,IAAAA,GAAO;AACzC,YAAMC,UAAyC,MAAMH,QAAQI,MAAMW,wBAAwB;QACzFC,cAAcd;MAChB,CAAA;AAEA,aAAO;QAAEM,UAAU,CAAC,CAACL,QAAOc;MAAQ;IACtC;AAEA,QAAIJ,kCAAiBK,uBAAuBhB,IAAAA,GAAO;AAEjD,UAAIF,QAAQI,MAAMe,uBAAuBC,QAAW;AAClD,eAAOC,QAAQC,OAAO,gEAAA;MACxB;AACA,UAAIV,2BAA2BQ,UAAaR,2BAA2B,MAAM;AAC3E,cAAMW,eAAe,MAAMvB,QAAQI,MAAMe,mBAAmB;UAC1DK,UAAUtB;UACVuB,yBAAyBb;QAC3B,CAAA;AACA,eAAO;UAAEJ,UAAU,CAACe,aAAaG;QAAM;MACzC;AACA,YAAMC,MAAM,mEAAmE;IACjF;AAEA,UAAMxB,SAAS,MAAMH,QAAQI,MAAMwB,mBAAmB;MACpDZ,cAAcd;MACdK,qBAAqB;MACrBsB,SAAS,MAAM7B,QAAQI,MAAM0B,qBAAqBpB,MAAAA,GAASqB,KAAKC,MAAM,GAAA,EAAK,CAAA;IAC7E,CAAA;AACA,WAAO;MAAExB,UAAUL,OAAOK;IAAS;EACrC;AAjCeG;AAmCf,SAAOA;AACT;AAxCgBF;AA0ChB,eAAsBwB,gBAAgB/B,MAMrC;AACC,QAAM,EAAEgC,QAAQC,SAASnC,QAAO,IAAKE;AACrC,QAAM,EAAEkC,eAAc,IAAKF;AAC3B,MAAIG,aAAkDnC,KAAKmC;AAC3D,MAAIC,YAAmCpC,KAAKqC;AAE5C,MAAI,CAACF,cAAcF,WAAWA,QAAQK,SAAS;AAC7C,UAAMC,8BAA8B,MAAMzC,QAAQI,MAAMsC,kBAAkB;MACxEC,QAAQ;QACN;UACEC,cAAcT,QAAQK;UACtBK,SAASV,QAAQU;UACjBC,UAAUX,QAAQW;QACpB;;IAEJ,CAAA;AAEA,QAAIL,4BAA4B9C,SAAS,GAAG;AAC1C,YAAMoD,6BAA6BN,4BAA4B,CAAA;AAC/D,UAAI,CAACH,aAAaS,2BAA2BC,aAAa;AACxDV,oBAAYS,2BAA2BC,YAAYV;MACrD;IACF;EACF;AAEA,QAAMW,aAAab,eAAec,uBAAwB,UAAMC,uCAAmBnD,OAAAA;AACnF,QAAMoD,eAAelB,OAAOkB,gBAAgB,IAAIC,2BAAAA;AAEhD,QAAMC,wBAA4C;;;IAGhDC,kCAAkC;MAACC,iCAAYC;MAAOD,iCAAYE;MAAOF,iCAAYG;;IACrFC,wCAAwC;MAACJ,iCAAYC;MAAOD,iCAAYE;MAAOF,iCAAYG;;IAC3FE,wBAAwB;MAACC,kCAAaC;;IACtCC,aAAa;IACbC,oBAAoB;MAClBC,QAAQ;QAAEC,KAAK;UAAC;UAAS;;MAAU;MACnCC,QAAQ;QAAED,KAAK;UAAC;UAAU;;MAAS;IACrC;IACAE,iBAAiB;MAACC,2BAAMC;;IACxBC,uBAAuB;MAACC,iCAAYC;;IACpCC,gCAAgC1B,WAAW2B,IAAI,CAACC,WAAW,OAAOA,MAAAA,EAAQ;IAC1EC,QAAQC,4BAAOC;EACjB;AAEA,QAAMC,WACJ/C,OAAOE,eAAe8C,aAAaD,gBACnCE,qCAAiBnF,SAAS;IACxBoF,oBAAoB;IACpBC,iBAAiB;IACjBC,uBAAuBpD,OAAOE,eAAe8C,aAAaK,gCAAgC;EAC5F,CAAA;AAEF,MAAIC,SAAiCtD,OAAOuD,gBAAgBD;AAC5D,MAAI,CAACtD,OAAOuD,gBAAgBD,UAAU,OAAOtD,OAAOuD,gBAAgBD,WAAW,YAAY;AACzFA,aAASE;EACX;AAEA,QAAMC,UAAUC,wBAAGD,QAAQ;IAAEE,gBAAgBvG,kBAAkB4C,MAAAA;EAAQ,CAAA,EACpE4D,UAAU,UAAUC,oCAAeC,cAAc,EACjDC,iBAAiB/D,OAAOgE,gBAAgBC,kCAAaC,IAAI,EACzDC,iBAAiBvC,kCAAawC,UAAUP,oCAAeC,cAAc,EAErEO,sBACCrE,OAAOxC,qBAAqB;IAACE,sCAAiBC;IAAgCD,sCAAiB4G;IAAY5G,sCAAiB6G;GAAW,EAGxIC,iBAAiBtD,YAAAA,EACjBuD,mBAAmBzE,OAAO0E,kBAAkB,IAAIC,8CAAyBzD,YAAAA,CAAAA,EACzE0D,mBAAmB5E,OAAO6E,sBAAsBzD,uBAAuByC,oCAAeC,cAAc,EACpGgB,sBACC9E,OAAO+E,oBACH/E,OAAO+E,oBACPC,qBACE;IACEjC;IACAkC,YAAY;MACVlH,4BAA4BH,8BAA8BoC,OAAOE,gBAAgBpC,OAAAA;MACjFoH,mBAAmB;IACrB;EACF,GACApH,OAAAA,CAAAA,EAGPqH,2BAA2BC,4CAAuBC,KAAK,EACvDC,6BAA6B/G,oCAAoC2B,eAAe1B,QAAQV,OAAAA,CAAAA;AAE3F,QAAMyH,WAAWrF,eAAeqF;AAChC,MAAIA,gBAAYC,0DAAqCD,QAAAA,GAAW;AAC9D9B,YAAQgC,aAAaF,SAASG,YAAY7B,oCAAeC,cAAc;EACzE,OAAO;AACL,UAAM6B,aAAa,MAAM7H,QAAQI,MAAM0B,qBAAqBM,eAAe1B,MAAM;AACjF,UAAMoH,WAAmB5F,OAAO6E,oBAAoBgB,aAAaF,WAAWG,eAAWC,kDAA6BJ,UAAAA,IAAcA,WAAWK,MAAML,WAAWM;AAC9J,UAAMC,mBAAmBC,eAAeP,QAAAA;AACxCnC,YAAQ2C,aAAaF,kBAAkBrC,oCAAeC,cAAc;EACtE;AAEA,MAAIR,QAAQ;AACVG,YAAQ4C,WAAW/C,MAAAA;EACrB;AASA,MAAIlD,WAAW;AACbqD,YAAQ6C,cAAclG,SAAAA;EACxB;AAEA,MAAIJ,OAAOuG,qBAAqB;AAC9B9C,YAAQ+C,wBAAwBxG,OAAOuG,mBAAmB;EAC5D;AAgBA,QAAME,oBAAoBC,aAAa1G,OAAOE,eAAe1B,QAAQV,OAAAA;AACrE2F,UAAQkD,sBAAsBF,iBAAAA;AAC9B,SAAOhD;AACT;AA3IsB1D;AA6If,SAAS2G,aACdlI,QACAV,SAAyB;AAEzB,SAAO,OAAO8I,WAAsBC,KAAiDhH,QAAAA;AACnF,QAAI,MAAEiH,gDAA2BtI,MAAAA,SAAWuI,gDAA2BvI,MAAAA,IAAU;AAC/E,aAAOW,QAAQC,OAAOK,MAAM,qBAAqBmH,UAAUjE,MAAM,oBAAoB,CAAA;IACvF;AACA,UAAM1E,SAA2B,MAAMH,QAAQI,MAAM8I,6BAA6B;;;MAGhFlB,QAAQ;QAAEJ,YAAYlH,OAAOkH;QAAYuB,WAAWzI,OAAOyI;QAAWC,sBAAsB;MAAM;;;MAGlGC,iBAAiBN,IAAIO;MACrBrI,SAAS8H,IAAI9H;IACf,CAAA;AACA,WAAOd,OAAO4I;EAChB;AACF;AAnBgBH;AAqBhB,SAAS1B,qBACPqC,OAOAvJ,SAAyB;AAEzB,SAAO,OAAOwJ,cAAcT,QAAAA;AAC1B,UAAM5I,SAAS,MAAMH,QAAQI,MAAMqJ,sBAAsB;MAAEC,KAAKX,IAAIY;IAAI,CAAA;AACxEC,YAAQC,IAAI1J,OAAO2J,OAAO;AAC1B,WAAO,CAAC3J,OAAOuB;EACjB;AACF;AAfSwF;AAqBF,SAAS6C,eAAeC,MAAc;AAC3C,UAAQA,MAAAA;IACN,KAAK;AACH,aAAOC,iCAAYC;IACrB,KAAK;AACH,aAAOD,iCAAYE;IACrB,KAAK;AACH,aAAOF,iCAAYG;;IAErB,KAAK;AACH,aAAOH,iCAAYI;IACrB;AACE,YAAMC,MAAM,4BAAA;EAChB;AACF;AAdgBP;AAgBT,SAASQ,eAAeC,UAAgB;AAE7C,MAAIA,SAASC,WAAW,MAAA,GAAS;AAC/B,WAAO,GAAGC,4CAAuBC,wBAAwB,IAAIH,QAAAA;EAC/D;AAEA,SAAOA;AACT;AAPgBD;;;AC7ShB,kBAA6B;AAE7B,IAAAK,sBAIO;AAEA,IAAMC,aAAN,MAAMA;EATb,OASaA;;;EACHC;EACSC;EACAC;EAEjB,YAAmB,EAAEC,QAAQC,QAAO,GAAmD;AACrF,SAAKF,aAAaC;AAClB,SAAKF,cAAcG;EACrB;EAEA,MAAaC,IAAIC,SAAwC;AACvD,QAAI,CAAC,KAAKN,KAAK;AACb,YAAMO,UAAU,MAAMC,gBAAgB;QACpCL,QAAQ,KAAKD;QACbE,SAAS,KAAKH;QACdK;MACF,CAAA;AACA,WAAKN,MAAMO,QAAQE,MAAK;IAC1B;AACA,WAAO,KAAKT;EACd;EAEA,IAAIU,YAAY;AACd,WAAO,KAAKR;EACd;EAEA,IAAIS,aAAa;AACf,WAAO,KAAKV;EACd;EAEOW,gBAAyB;AAC9B,WAAO,KAAKC,iBAAiBC;EAC/B;EAEA,IAAID,eAAmC;AACrC,WAAO,KAAKF,YAAYI;EAC1B;EAEA,MAAaC,0BAA0BV,SAAyE;AAC9G,WAAO,KAAKO,eACR,MAAMP,QAAQW,MAAMC,sBAAsB;MACxCL,cAAc,KAAKA;MACnBM,UAAU,KAAKR,YAAYQ;IAC7B,CAAA,IACAL;EACN;EAEA,MAAaM,8BAA8BC,YAAoCf,SAAyC;AACtH,UAAM,EAAEgB,eAAeP,SAASQ,QAAQC,uBAAuBC,aAAaC,iBAAiBC,SAAQ,IAAKN;AAC1G,UAAMO,QAAQP,WAAWO,aAASC,YAAAA,IAAAA;AAClC,UAAMC,QAAQT,WAAWS,SAASR;AAClC,QAAIS;AACJ,UAAMC,SAAS,KAAKtB,UAAUuB,eAAeD;AAC7C,UAAME,aAAa,UAAMC,mDAA8BH,QAAQ1B,OAAAA;AAC/D,YAAI8B,kDAA6BF,UAAAA,GAAa;AAC5CH,kBAAY;QAAEM,QAAQH,WAAWI;QAAKC,QAAQ;QAAOC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MAAE;IAChG,eAAWC,kDAA6BV,UAAAA,GAAa;AACnD,UAAI,CAACA,WAAWW,QAAQ;AACtB,eAAOC,QAAQC,OAAO,0BAAA;MACxB;AACAhB,kBAAY;QACVc,QAAQX,WAAWW;QACnBG,KAAKd,WAAWc;QAChBT,QAAQ;QACRC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MACzC;IACF,OAAO;AACL,aAAOG,QAAQC,OAAOE,MAAM,qBAAqBf,WAAWK,MAAM,oBAAoB,CAAA;IACxF;AAEA,WAAO,MAAM,KAAKlC,IAAIC,OAAAA,EAAS4C,KAAK,CAACC,OACnCA,GAAG/B,8BAA8B;MAC/BgC,SAASC,kBAAkB,KAAK3C,SAAS;MACzCY;MACAP;MACAa;MACAE;MACAP;MACAC;MACAC;MACAC;MACAK;MACAJ;IACF,CAAA,CAAA;EAEJ;EAEA,MAAa2B,2BACXjC,YACAf,SAC+B;AAC/B,UAAM,EAAEgB,eAAeC,QAAQC,uBAAuBC,aAAaC,gBAAe,IAAKL;AACvF,UAAMO,QAAQP,WAAWO,aAASC,YAAAA,IAAAA;AAClC,UAAMC,QAAQT,WAAWS,SAASR;AAClC,UAAMU,SAAS,KAAKtB,UAAUuB,eAAeD;AAC7C,UAAME,aAAa,UAAMC,mDAA8BH,QAAQ1B,OAAAA;AAE/D,QAAIyB;AACJ,YAAIa,kDAA6BV,UAAAA,KAAeA,WAAWW,QAAQ;AACjEd,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCK,KAAKd,WAAWc;QAChBH,QAAQX,WAAWW;MACrB;IACF,eAAWT,kDAA6BF,UAAAA,GAAa;AACnDH,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCN,QAAQH,WAAWqB;MACrB;IACF,OAAO;AACL,aAAOT,QAAQC,OAAOE,MAAM,qCAAA,CAAA;IAC9B;AAEA,WAAO,MAAM,KAAK5C,IAAIC,OAAAA,EAAS4C,KAAK,CAACC,OACnCA,GAAGG,2BAA2B;MAC5BF,SAASC,kBAAkB,KAAK3C,SAAS;MACzCY;MACAM;MACAE;MACAP;MACAC;MACAE;MACAD;MACAM;IACF,CAAA,CAAA;EAEJ;AACF;;;AF7FO,IAAMyB,WAAN,MAAMA,UAAAA;EAhDb,OAgDaA;;;EACMC;EACjB,OAAwBC,oBAAoB;EAC3BC,YAAqC,oBAAIC,IAAAA;EACjDC,SAASA,sBAAOC;EAEhBC,UAAqB;IAC5BC,0BAA0B,KAAKC,8BAA8BC,KAAK,IAAI;IACtEC,+BAA+B,KAAKC,mCAAmCF,KAAK,IAAI;IAChFG,yBAAyB,KAAKC,oBAAoBJ,KAAK,IAAI;IAC3DK,0BAA0B,KAAKC,qBAAqBN,KAAK,IAAI;IAC7DO,4BAA4B,KAAKC,uBAAuBR,KAAK,IAAI;IACjES,qBAAqB,KAAKC,gBAAgBV,KAAK,IAAI;IACnDW,wBAAwB,KAAKA,uBAAuBX,KAAK,IAAI;IAC7DY,uBAAuB,KAAKA,sBAAsBZ,KAAK,IAAI;IAC3Da,oBAAoB,KAAKA,mBAAmBb,KAAK,IAAI;EACvD;EAEA,YAAYT,MAAqB;AAC/B,SAAKA,OAAOA;EACd;EAEOuB,eAAeC,eAA+BC,SAA2B;AAE9E,SAAKzB,KAAK0B,cAAcF;AAExB,QACE,CAAC,KAAKxB,KAAK0B,YAAYC,eAAeC,aAAaC,YACnD,OAAO,KAAK7B,KAAK0B,YAAYC,eAAeC,YAAYC,SAASC,YAAY,YAC7E;AACA,WAAK9B,KAAK0B,YAAYC,eAAeC,cAAc;QACjD,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;QACxCC,cAAUE,sCAAiBN,SAAS;UAAEO,uBAAuB;UAAMC,oBAAoB;UAAMC,iBAAiB;QAAK,CAAA;MACrH;IACF;EACF;EAEA,MAAc1B,8BAA8B2B,YAAoCV,SAA4C;AAC1H,WAAO,MAAM,KAAKW,cAAc;MAAEC,qBAAqBF,WAAWE;MAAqB,GAAIF,WAAWG,uBAAuB,QAAQ;QAAEC,SAASJ,WAAWI;MAAQ;IAAI,GAAGd,OAAAA,EACvKe,KAAK,CAACC,OAAOA,GAAGjC,8BAA8B2B,YAAYV,OAAAA,CAAAA,EAC1De,KAAK,CAACE,QAAQA,IAAIC,UAAU;EACjC;EAEA,MAAchC,mCACZwB,YACAV,SACwC;AACxC,WAAO,MAAM,KAAKW,cAAc;MAAEG,SAASJ,WAAWI;IAAQ,GAAGd,OAAAA,EAC9De,KAAK,CAACC,OAAOA,GAAGG,2BAA2BT,YAAYV,OAAAA,CAAAA,EACvDe,KAAK,OAAOK,YAAAA;AACX,YAAMC,cAA6C;QACjDC,sBAAsBF,QAAQG;QAC9BC,eAAe,MAAMJ,QAAQK,iBAAgB;QAC7CC,sBAAsBN,QAAQI,eAAeG,WAAAA;MAC/C;AACA,aAAON;IACT,CAAA;EACJ;EAEA,MAAcjC,oBAAoBwC,MAAgC5B,SAA2E;AAC3I,WAAO,MAAM,KAAKW,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EAASe,KAAK,CAACC,OACxEA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,CAACC,QACpBA,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAeJ,KAAKK,eAAe,CAAA,CAAA;EAG/F;EAEA,MAAc3C,qBACZsC,MACA5B,SACiE;AACjE,UAAMkC,aAAyB,MAAM,KAAKvB,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA;AACnF,UAAMmC,6BAAqE,MAAMD,WAC9EL,IAAI7B,OAAAA,EACJe,KAAK,CAACC,OAAOA,GAAGc,eAAeM,gCAAgCR,KAAKI,eAAeJ,KAAKK,eAAe,CAAA;AAC1G,QAAIE,+BAA+BE,QAAW;AAC5C,aAAOA;IACT;AAEA,UAAMC,gBAAgBH;AACtB,QAAIG,cAAcC,WAAWC,uDAAiCC,UAAU;AACtE,UAAIC;AACJ,UACEC,mCAAiBC,eAAeN,cAAcO,SAAStB,QAAQuB,QAAQ,MACtE,CAACZ,WAAWa,UAAUC,gBAAgBN,UAAU,OAAOR,WAAWa,UAAUC,gBAAgBN,WAAW,aACxG;AACAA,iBAASO,gBAAAA;MACX;AAGA,YAAMC,UAAUZ,cAAcO,SAAStB,QAAQuB,YAAYK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ;AAC7G,YAAMO,KAAKC,6BAAiBF,MAAMF,OAAAA;AAClCK,cAAQC,IAAI,yBAAyBL,KAAKM,UAAUJ,EAAAA,CAAAA,EAAK;AACzD,YAAMK,SAAS,CAAA;AACf,iBAAW,CAACC,KAAKC,KAAAA,KAAUC,OAAOC,QAAQZ,OAAAA,GAAU;AAElD,cAAMa,sBAAsBpB,mCAAiBqB;UAC3CJ;;UAEAlB;QAAAA;AAEFa,gBAAQC,IAAI,wBAAwBL,KAAKM,UAAUM,mBAAAA,CAAAA,EAAsB;AAEzE,cAAME,YAA8B,CAAC;AACrC,cAAMC,uBAAuB,KAAKC,yBAAyBJ,mBAAAA;AAC3D,YAAI,0BAA0BG,sBAAsB;AAClD,qBAAWE,cAAcF,qBAAqBG,sBAAsB;AAClE,kBAAMC,KAAKF;AACX,kBAAMG,yBAAyB,MAAMvE,QAAQwE,MAAMC,eAAe;cAChEL;cACA1B;cACAgC,kBAAkBxC,WAAWa,UAAU4B,sBAAsBC;YAC/D,CAAA;AACA,gBAAI,CAACL,uBAAuBM,QAAQ;AAClCvC,4BAAcC,SAASC,uDAAiCsC;AACxDxC,4BAAcyC,QAAQ,IAAIC,MAAMT,uBAAuBQ,KAAK;AAC5D,qBAAOzC;YACT;AAEA,kBAAM2C,oBAAoBX,GAAGW;AAC7B,gBAAI,EAAE,QAAQhB,YAAY;AACxBA,wBAAU,IAAA,IAAQgB,kBAAkBC;YACtC;AAEArB,mBAAOC,QAAQmB,iBAAAA,EAAmBE,QAAQ,CAAC,CAACxB,MAAKC,MAAAA,MAAM;AACrD,kBAAI,EAAED,QAAOM,YAAY;AACvBA,0BAAUN,IAAAA,IAAOC;cACnB;YACF,CAAA;AAEAF,mBAAO0B,KAAK;cACVF,IAAIvB;cACJ0B,MAAMf,GAAGe,KAAK,CAAA;cACd3B,QAAQO;YACV,CAAA;UACF;QACF,OAAO;AACLP,iBAAO0B,KAAK;YACVF,IAAIvB;YACJ0B,MAAOtB,oBAAyDuB,eAAeC;YAC/E7B,QAAQQ;UACV,CAAA;QACF;MACF;AAEA5B,oBAAckD,eAAe;QAC3B,GAAIlD,cAAcO,SAAStB,QAAQuB,YAAY;UAC7C2C,wBAAwB;YACtB3C,UAAU,OAAOR,cAAcO,SAAStB,QAAQuB,aAAa,WACvDK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ,IAClDR,cAAcO,SAAStB,QAAQuB;UACvC;QACF;QACA,GAAIY,OAAOgC,SAAS,KAAK;UAAEC,mBAAmBjC;QAAO;MACvD;IACF;AAEA,WAAOpB;EACT;EAEQ6B,2BAA2B,wBACjCJ,wBAAAA;AAOA,WAAOpB,mCAAiBiD,yBAAyB7B,mBAAAA,IAC7CA,oBAAoBuB,iBACpB3C,mCAAiBkD,sBAAsB9B,mBAAAA;EAC7C,GAXmC;EAanC,MAAcvE,uBAAuBoC,MAA+B5B,SAA+D;AACjI,QAAI4B,KAAKkE,UAAU,iCAAiC;AAClD,YAAMd,MAAM,wFAAwF;IACtG;AACA,WAAO,MAAM,KAAKrE,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EAExDe,KAAK,CAACC,OACLA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,OAAOC,QAAAA;AAC1B,YAAMA,IAAG+E,2BAA2B;QAClC/D,eAAeJ,KAAKI;QACpB+C,OAAOnD,KAAKmD,QAAQ,IAAIC,MAAMpD,KAAKmD,KAAK,IAAI1C;MAC9C,CAAA;AACA,aAAQ,MAAMrB,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAe,IAAA;IACrF,CAAA,CAAA;EAEN;EAEA,MAActC,gBAAgBkC,MAAiC5B,SAA6C;AAC1G,WAAO,MAAM,KAAKW,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EACxDe,KAAK,CAACC,OAAOA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,CAACC,QAAOA,IAAGc,eAAekE,4BAA4BpE,KAAKI,aAAa,CAAA,CAAA,EAC1GjB,KAAK,MAAM,IAAA;EAChB;EAEA,MAAcpB,uBAAuBiC,MAAoC5B,SAAmE;AAC1I,QAAI,CAAC4B,KAAKqE,uBAAuB;AAC/B,YAAMjB,MAAM,2CAAA;IACd;AACA,UAAMkB,eACJ,OAAOtE,KAAKqE,0BAA0B,eACjCE,uCAAgBvE,KAAKqE,qBAAqB,IAC3CrE,KAAKqE;AACX,WAAO,MAAM,KAAKtF,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EAASe,KAAK,CAACC,OACxEA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,CAACC,QACpBA,IAAGoF,4BAA4BF,cAAc;MAC3ClE,eAAeJ,KAAKI;MACpB,GAAIJ,KAAKyE,mBAAmB;QAAEC,WAAW1E,KAAKyE,iBAAiBC;MAAU,IAAI,CAAC;MAC9EC,UAAU3E,KAAK2E;IACjB,CAAA,CAAA,CAAA;EAGN;EAEA,MAAc3G,sBAAsBgC,MAA6B5B,SAA0C;AACzG,UAAM,EAAEwG,SAASC,UAAUC,SAASC,mBAAkB,IAAK/E;AAC3D,UAAMgF,QAAQC,IACZL,QAAQM,IAAI,OAAOC,mBAAAA;AACjB,YAAMC,oBAAoBD,eAAeC;AACzC,UAAI,CAACA,qBAAqB,CAACD,eAAeE,aAAa;AACrD,eAAOL,QAAQM,OAAOlC,MAAM,2DAAA,CAAA;MAC9B;AAEA,UAAImC;AACJ,UAAIJ,eAAeE,aAAa;AAC9BG,8BAAUC,SAASN,eAAeE,YAAYX,SAAS;AACvD/C,gBAAQC,IAAI,8BAA8BuD,eAAeE,YAAYnG,OAAO,4BAA4B6F,kBAAAA,EAAoB;AAC5HQ,uBAAeJ,eAAeE,YAAYnG;MAC5C;AACA,UAAIkG,mBAAmB;AACrB,cAAMhH,QAAQwE,MAAM8C,sBAAsB;UAAEC,YAAYP;QAAkB,CAAA;AAC1EzD,gBAAQC,IAAI,6BAA6BwD,kBAAkB9B,EAAE,MAAM8B,kBAAkBQ,IAAI,4BAA4Bb,kBAAAA,EAAoB;AACzIQ,uBAAeH,kBAAkB9B;MACnC;AAEA,aAAOlF,QAAQwE,MAAMiD,qBAAqB;QACxCC,gBAAgB;UACdP;UACAV;UACAC;UACAM;UACAC,aAAaF,eAAeE;QAC9B;QACA1I,MAAM;UAAEoI;QAAuC;MACjD,CAAA;IACF,CAAA,CAAA;EAEJ;EAEA,MAAc9G,mBAAmB+B,MAA2B5B,SAAwD;AAClH,UAAM2H,aAAa/F,KAAKd,WAAWxC,UAASE;AAC5C,QAAI,KAAKC,UAAUmJ,IAAID,UAAAA,GAAa;AAClC,YAAMzF,aAAa,KAAKzD,UAAUoD,IAAI8F,UAAAA;AACtC,UAAIzF,eAAeG,QAAW;AAC5B,cAAMrB,KAAK,MAAMkB,WAAWL,IAAI7B,OAAAA;AAChC,eAAOgB,GAAG6G,uBAAuB;UAC/BC,gBAAgBlG,KAAKI;UACrBA,eAAeJ,KAAKI;UACpB,GAAIJ,KAAKkE,SAAS;YAAEA,OAAOlE,KAAKkE;UAAM;QACxC,CAAA;MACF;IACF;AACA,WAAOzD;EACT;EAEA,MAAM1B,cAAc,EAAEG,SAASF,oBAAmB,GAAyBZ,SAAgD;AACzH,UAAM2H,aAAa7G,WAAWxC,UAASE;AACvC,QAAI,CAAC,KAAKC,UAAUmJ,IAAID,UAAAA,GAAa;AACnC,YAAMI,eAAe,KAAKC,gBAAgBlH,OAAAA;AAC1C,YAAMmH,SAAS,MAAM,KAAKC,aAAalI,SAAS;QAAEc;QAASF;MAAyC,CAAA;AACpG,UAAI,CAACqH,OAAO/H,eAAeC,aAAaC,YAAY,OAAO6H,OAAO/H,eAAeC,YAAYC,SAASC,YAAY,YAAY;AAC5H,YAAI,CAAC4H,OAAO/H,gBAAgBC,aAAa;AACvC8H,iBAAO/H,iBAAiB;YAAE,GAAG+H,OAAO/H;UAAe;AACnD+H,iBAAO/H,eAAeC,cAAc;YAAE,GAAG8H,OAAO/H,eAAeC;UAAY;QAC7E;AACAoD,gBAAQC,IAAI,iEAAiE1C,OAAAA;AAC7EmH,eAAO/H,eAAeC,YAAYC,eAAWE,sCAAiBN,SAAS;UACrEO,uBAAuB;UACvBE,iBAAiB;UACjBD,oBAAoB;QACtB,CAAA;MACF;AACA,WAAK/B,UAAU0J,IAAIR,YAAY,IAAIS,WAAW;QAAEH;QAAQI,SAASN;MAAa,CAAA,CAAA;IAChF;AACA,UAAM7F,aAAa,KAAKzD,UAAUoD,IAAI8F,UAAAA;AACtC,QAAI/G,qBAAqB;AACvBsB,iBAAWa,UAAUuF,sBAAsB1H;IAC7C;AACA,WAAOsB;EACT;EAEA,MAAMgG,aAAalI,SAA2BzB,MAA+E;AAC3H,UAAM,EAAEuC,SAASF,oBAAwC,IAAKrC;AAC9D,UAAMgK,UAAU,KAAKP,gBAAgBlH,OAAAA,GAAUmH,UAAU,KAAK1J,KAAK0B;AACnE,QAAI,CAACsI,SAAS;AACZ,YAAMvD,MAAM,6DAA6DlE,OAAAA,EAAS;IACpF;AACA,QAAI,KAAKvC,KAAK0B,aAAa;AACzB,UAAI,CAACsI,QAAQrI,gBAAgB;AAC3BqI,gBAAQrI,iBAAiB,KAAK3B,KAAK0B,aAAaC;MAClD,OAAO;AACL,YAAI,CAACqI,QAAQrI,eAAesI,QAAQ;AAClCD,kBAAQrI,eAAesI,SAAS,KAAKjK,KAAK0B,YAAYC,eAAesI;QACvE;AACA,YAAI,CAACD,QAAQrI,eAAeuI,qBAAqB;AAC/CF,kBAAQrI,eAAeuI,sBAAsB,KAAKlK,KAAK0B,YAAYC,eAAeuI;QACpF;AACA,YAAI,CAACF,QAAQG,mBAAmB;AAC9BH,kBAAQG,oBAAoB,KAAKnK,KAAK0B,YAAYyI;QACpD;MACF;AACA,UAAI,CAACH,QAAQrI,eAAeC,eAAe,OAAOoI,QAAQrI,eAAeC,YAAYC,UAAUC,YAAY,YAAY;AACrHkI,gBAAQrI,eAAeC,cAAc;UACnC,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;UACxCC,UACE,KAAK7B,KAAK0B,YAAYC,gBAAgBC,aAAaC,gBACnDE,sCAAiBN,SAAS;YAAES,iBAAiB;YAAMD,oBAAoB;YAAMD,uBAAuB;UAAK,CAAA;QAC7G;MACF;IACF;AACA,QAAIK,wBAAwByB,UAAazB,wBAAwB2H,QAAQD,qBAAqB;AAC5FC,cAAQD,sBAAsB1H;IAChC;AACA,WAAO2H;EACT;EAEAP,gBAAgBb,cAAwD;AACtE,QAAI,CAAC,KAAK5I,KAAKwJ,aAAc,QAAO1F;AAEpC,UAAMsG,cAAcxB,eAAe,KAAK5I,KAAKwJ,aAAaa,KAAK,CAACC,MAAMA,EAAE/H,YAAYqG,YAAAA,IAAgB9E;AAEpG,WAAOsG,eAAe,KAAKG,kBAAkB3B,YAAAA;EAC/C;EAEQ2B,kBAAkB3B,cAAkC;AAC1D,QAAI,CAAC,KAAK5I,KAAKwJ,aAAc,QAAO1F;AAEpC,UAAM0G,iBAAiB,KAAKxK,KAAKwJ,aAAaa,KAAK,CAACC,MAAMA,EAAE/H,YAAY,SAAA;AACxE,QAAIiI,gBAAgB;AAClB,YAAMC,gBAAgB;QAAE,GAAGD;MAAe;AAC1C,UAAI5B,iBAAiB9E,QAAW;AAC9B2G,sBAAclI,UAAUqG;MAC1B;AACA,aAAO6B;IACT;AAEA,WAAO3G;EACT;AACF;;;AGxWO,IAAK4G,mBAAAA,0BAAAA,mBAAAA;;;;SAAAA;;","names":["import_did_auth_siop","import_ssi_sdk_ext","import_ssi_sdk","import_ssi_types","import_ssi_sdk_ext","getRequestVersion","rpOptions","Array","isArray","supportedVersions","length","SupportedVersion","JWT_VC_PRESENTATION_PROFILE_v1","getWellKnownDIDVerifyCallback","siopIdentifierOpts","context","wellknownDIDVerifyCallback","args","result","agent","cvVerifyCredential","credential","fetchRemoteContexts","verified","getPresentationVerificationCallback","idOpts","presentationVerificationCallback","presentationSubmission","CredentialMapper","isSdJwtEncoded","verifySdJwtPresentation","presentation","payload","isMsoMdocOid4VPEncoded","mdocOid4vpRPVerify","undefined","Promise","reject","verifyResult","vp_token","presentation_submission","error","Error","verifyPresentation","domain","identifierManagedGet","kid","split","createRPBuilder","rpOpts","pexOpts","identifierOpts","definition","dcqlQuery","dcql","queryId","presentationDefinitionItems","pdmGetDefinitions","filter","definitionId","version","tenantId","presentationDefinitionItem","dcqlPayload","didMethods","supportedDIDMethods","getAgentDIDMethods","eventEmitter","EventEmitter","defaultClientMetadata","idTokenSigningAlgValuesSupported","SigningAlgo","EDDSA","ES256","ES256K","requestObjectSigningAlgValuesSupported","responseTypesSupported","ResponseType","ID_TOKEN","client_name","vpFormatsSupported","jwt_vc","alg","jwt_vp","scopesSupported","Scope","OPENID_DIDAUTHN","subjectTypesSupported","SubjectType","PAIRWISE","subject_syntax_types_supported","map","method","passBy","PassBy","VALUE","resolver","resolveOpts","getAgentResolver","resolverResolution","localResolution","uniresolverResolution","noUniversalResolverFallback","hasher","credentialOpts","defaultHasher","builder","RP","requestVersion","withScope","PropertyTarget","REQUEST_OBJECT","withResponseMode","responseMode","ResponseMode","POST","withResponseType","VP_TOKEN","withSupportedVersions","SIOPv2_ID1","SIOPv2_D11","withEventEmitter","withSessionManager","sessionManager","InMemoryRPSessionManager","withClientMetadata","clientMetadataOpts","withVerifyJwtCallback","verifyJwtCallback","getVerifyJwtCallback","verifyOpts","checkLinkedDomain","withRevocationVerification","RevocationVerification","NEVER","withPresentationVerification","oidfOpts","isExternalIdentifierOIDFEntityIdOpts","withEntityId","identifier","resolution","clientId","client_id","issuer","isManagedIdentifierDidResult","did","jwkThumbprint","clientIdPrefixed","prefixClientId","withClientId","withHasher","withDcqlQuery","responseRedirectUri","withResponseRedirectUri","createJwtCallback","signCallback","withCreateJwtCallback","jwtIssuer","jwt","isManagedIdentifierDidOpts","isManagedIdentifierX5cOpts","jwtCreateJwsCompactSignature","kmsKeyRef","noIdentifierInHeader","protectedHeader","header","_opts","_jwtVerifier","jwtVerifyJwsSignature","jws","raw","console","log","message","getSigningAlgo","type","SigningAlgo","EDDSA","ES256K","ES256","RS256","Error","prefixClientId","clientId","startsWith","ClientIdentifierPrefix","DECENTRALIZED_IDENTIFIER","import_ssi_sdk_ext","RPInstance","_rp","_pexOptions","_rpOptions","rpOpts","pexOpts","get","context","builder","createRPBuilder","build","rpOptions","pexOptions","hasDefinition","definitionId","undefined","queryId","getPresentationDefinition","agent","pexStoreGetDefinition","tenantId","createAuthorizationRequestURI","createArgs","correlationId","claims","requestByReferenceURI","responseURI","responseURIType","callback","nonce","uuidv4","state","jwtIssuer","idOpts","identifierOpts","resolution","ensureManagedIdentifierResult","isManagedIdentifierDidResult","didUrl","kid","method","alg","getSigningAlgo","key","type","isManagedIdentifierX5cResult","issuer","Promise","reject","x5c","Error","then","rp","version","getRequestVersion","createAuthorizationRequest","did","SIOPv2RP","opts","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","siopCreateAuthRequestURI","createAuthorizationRequestURI","bind","siopCreateAuthRequestPayloads","createAuthorizationRequestPayloads","siopGetAuthRequestState","siopGetRequestState","siopGetAuthResponseState","siopGetResponseState","siopUpdateAuthRequestState","siopUpdateRequestState","siopDeleteAuthState","siopDeleteState","siopVerifyAuthResponse","siopImportDefinitions","siopGetRedirectURI","setDefaultOpts","rpDefaultOpts","context","defaultOpts","identifierOpts","resolveOpts","resolver","resolve","getAgentResolver","uniresolverResolution","resolverResolution","localResolution","createArgs","getRPInstance","responseRedirectURI","useQueryIdInstance","queryId","then","rp","URI","encodedUri","createAuthorizationRequest","request","authRequest","authorizationRequest","payload","requestObject","requestObjectJwt","requestObjectDecoded","getPayload","args","get","sessionManager","getRequestStateByCorrelationId","correlationId","errorOnNotFound","rpInstance","authorizationResponseState","getResponseStateByCorrelationId","undefined","responseState","status","AuthorizationResponseStateStatus","VERIFIED","hasher","CredentialMapper","isSdJwtEncoded","response","vp_token","rpOptions","credentialOpts","defaultHasher","vpToken","JSON","parse","xx","DcqlPresentation","console","log","stringify","claims","key","value","Object","entries","presentationDecoded","decodeVerifiablePresentation","allClaims","presentationOrClaims","presentationOrClaimsFrom","credential","verifiableCredential","vc","schemaValidationResult","agent","cvVerifySchema","validationPolicy","verificationPolicies","schemaValidation","result","ERROR","error","Error","credentialSubject","id","forEach","push","type","decodedPayload","vct","verifiedData","authorization_response","length","credential_claims","isSdJwtDecodedCredential","toUniformPresentation","state","signalAuthRequestRetrieved","deleteStateForCorrelationId","authorizationResponse","authResponse","decodeUriAsJson","verifyAuthorizationResponse","dcqlQueryPayload","dcqlQuery","audience","queries","tenantId","version","versionControlMode","Promise","all","map","definitionPair","definitionPayload","dcqlPayload","reject","definitionId","DcqlQuery","validate","pexValidateDefinition","definition","name","pdmPersistDefinition","definitionItem","instanceId","has","getResponseRedirectUri","correlation_id","instanceOpts","getInstanceOpts","rpOpts","getRPOptions","set","RPInstance","pexOpts","responseRedirectUri","options","idOpts","supportedDIDMethods","supportedVersions","instanceOpt","find","i","getDefaultOptions","defaultOptions","clonedOptions","VerifiedDataMode"]}
package/dist/index.js CHANGED
@@ -337,7 +337,7 @@ import { AuthorizationResponseStateStatus, decodeUriAsJson } from "@sphereon/did
337
337
  import { getAgentResolver as getAgentResolver2 } from "@sphereon/ssi-sdk-ext.did-utils";
338
338
  import { shaHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
339
339
  import { CredentialMapper as CredentialMapper2 } from "@sphereon/ssi-types";
340
- import { DcqlQuery } from "dcql";
340
+ import { DcqlPresentation, DcqlQuery } from "dcql";
341
341
 
342
342
  // src/functions.ts
343
343
  import { ClientIdentifierPrefix, InMemoryRPSessionManager, PassBy, PropertyTarget, ResponseMode, ResponseType, RevocationVerification, RP, Scope, SubjectType, SupportedVersion } from "@sphereon/did-auth-siop";
@@ -765,6 +765,8 @@ var SIOPv2RP = class _SIOPv2RP {
765
765
  hasher = defaultHasher2;
766
766
  }
767
767
  const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token);
768
+ const xx = DcqlPresentation.parse(vpToken);
769
+ console.log(`IS DCQL PRESENTATION: ${JSON.stringify(xx)}`);
768
770
  const claims = [];
769
771
  for (const [key, value] of Object.entries(vpToken)) {
770
772
  const presentationDecoded = CredentialMapper2.decodeVerifiablePresentation(
@@ -773,7 +775,7 @@ var SIOPv2RP = class _SIOPv2RP {
773
775
  hasher
774
776
  );
775
777
  console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`);
776
- let allClaims = {};
778
+ const allClaims = {};
777
779
  const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded);
778
780
  if ("verifiableCredential" in presentationOrClaims) {
779
781
  for (const credential of presentationOrClaims.verifiableCredential) {
@@ -817,8 +819,9 @@ var SIOPv2RP = class _SIOPv2RP {
817
819
  vp_token: typeof responseState.response.payload.vp_token === "string" ? JSON.parse(responseState.response.payload.vp_token) : responseState.response.payload.vp_token
818
820
  }
819
821
  },
820
- credential_claims: claims
821
- //(this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []).map()
822
+ ...claims.length > 0 && {
823
+ credential_claims: claims
824
+ }
822
825
  };
823
826
  }
824
827
  return responseState;
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../plugin.schema.json","../src/agent/SIOPv2RP.ts","../src/functions.ts","../src/RPInstance.ts","../src/types/ISIOPv2RP.ts"],"sourcesContent":["{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","import {\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseState,\n AuthorizationResponseStateStatus,\n AuthorizationResponseStateWithVerifiedData,\n decodeUriAsJson, EncodedDcqlPresentationVpToken,\n VerifiedAuthorizationResponse\n} from '@sphereon/did-auth-siop'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\nimport {\n AdditionalClaims,\n CredentialMapper,\n //decodeSdJwtVc,\n HasherSync,\n ICredentialSubject,\n IPresentation,\n //IProofPurpose,\n //IProofType,\n IVerifiableCredential,\n IVerifiablePresentation,\n JwtDecodedVerifiablePresentation,\n MdocDeviceResponse,\n MdocOid4vpMdocVpToken,\n OriginalVerifiablePresentation,\n SdJwtDecodedVerifiableCredential,\n //sha256\n} from '@sphereon/ssi-types'\nimport { IAgentPlugin } from '@veramo/core'\nimport { DcqlQuery } from 'dcql'\nimport {\n IAuthorizationRequestPayloads,\n ICreateAuthRequestArgs,\n IGetAuthRequestStateArgs,\n IGetAuthResponseStateArgs,\n IGetRedirectUriArgs,\n ImportDefinitionsArgs,\n IPEXInstanceOptions,\n IRequiredContext,\n IRPDefaultOpts,\n IRPOptions,\n ISiopRPInstanceArgs,\n ISiopv2RPOpts,\n IUpdateRequestStateArgs,\n IVerifyAuthResponseStateArgs,\n schema\n} from '../index'\nimport { RPInstance } from '../RPInstance'\nimport { ISIOPv2RP } from '../types/ISIOPv2RP'\n//import { jwtDecode } from 'jwt-decode'\n\nexport class SIOPv2RP implements IAgentPlugin {\n private readonly opts: ISiopv2RPOpts\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, RPInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: ISIOPv2RP = {\n siopCreateAuthRequestURI: this.createAuthorizationRequestURI.bind(this),\n siopCreateAuthRequestPayloads: this.createAuthorizationRequestPayloads.bind(this),\n siopGetAuthRequestState: this.siopGetRequestState.bind(this),\n siopGetAuthResponseState: this.siopGetResponseState.bind(this),\n siopUpdateAuthRequestState: this.siopUpdateRequestState.bind(this),\n siopDeleteAuthState: this.siopDeleteState.bind(this),\n siopVerifyAuthResponse: this.siopVerifyAuthResponse.bind(this),\n siopImportDefinitions: this.siopImportDefinitions.bind(this),\n siopGetRedirectURI: this.siopGetRedirectURI.bind(this),\n }\n\n constructor(opts: ISiopv2RPOpts) {\n this.opts = opts\n }\n\n public setDefaultOpts(rpDefaultOpts: IRPDefaultOpts, context: IRequiredContext) {\n // We allow setting default options later, because in some cases you might want to query the agent for defaults. This cannot happen when the agent is being build (this is when the constructor is being called)\n this.opts.defaultOpts = rpDefaultOpts\n // We however do require the agent to be responsible for resolution, otherwise people might encounter strange errors, that are very hard to track down\n if (\n !this.opts.defaultOpts.identifierOpts.resolveOpts?.resolver ||\n typeof this.opts.defaultOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function'\n ) {\n this.opts.defaultOpts.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver: getAgentResolver(context, { uniresolverResolution: true, resolverResolution: true, localResolution: true }),\n }\n }\n }\n\n private async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string> {\n return await this.getRPInstance({ responseRedirectURI: createArgs.responseRedirectURI, ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId } ) }, context)\n .then((rp) => rp.createAuthorizationRequestURI(createArgs, context))\n .then((URI) => URI.encodedUri)\n }\n\n private async createAuthorizationRequestPayloads(\n createArgs: ICreateAuthRequestArgs,\n context: IRequiredContext,\n ): Promise<IAuthorizationRequestPayloads> {\n return await this.getRPInstance({ queryId: createArgs.queryId }, context)\n .then((rp) => rp.createAuthorizationRequest(createArgs, context))\n .then(async (request) => {\n const authRequest: IAuthorizationRequestPayloads = {\n authorizationRequest: request.payload,\n requestObject: await request.requestObjectJwt(),\n requestObjectDecoded: request.requestObject?.getPayload(),\n }\n return authRequest\n })\n }\n\n private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {\n return await this.getRPInstance({ queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)\n ),\n )\n }\n\n private async siopGetResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined> {\n const rpInstance: RPInstance = await this.getRPInstance({ queryId: args.queryId }, context)\n const authorizationResponseState: AuthorizationResponseState | undefined = await rpInstance\n .get(context)\n .then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound))\n if (authorizationResponseState === undefined) {\n return undefined\n }\n\n const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData\n if (responseState.status === AuthorizationResponseStateStatus.VERIFIED) {\n let hasher: HasherSync | undefined\n if (\n CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&\n (!rpInstance.rpOptions.credentialOpts?.hasher || typeof rpInstance.rpOptions.credentialOpts?.hasher !== 'function')\n ) {\n hasher = defaultHasher\n }\n\n const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)\n const claims = []\n for (const [key, value] of Object.entries(vpToken)) {\n const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(\n value as OriginalVerifiablePresentation,\n //todo: later we want to conditionally pass in options for mdl-mdoc here\n hasher,\n )\n console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)\n\n let allClaims: AdditionalClaims = {}\n const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded)\n if ('verifiableCredential' in presentationOrClaims) {\n for (const credential of presentationOrClaims.verifiableCredential) {\n const vc = credential as IVerifiableCredential\n const schemaValidationResult = await context.agent.cvVerifySchema({\n credential,\n hasher,\n validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,\n })\n if (!schemaValidationResult.result) {\n responseState.status = AuthorizationResponseStateStatus.ERROR\n responseState.error = new Error(schemaValidationResult.error)\n return responseState\n }\n\n const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims\n if (!('id' in allClaims)) {\n allClaims['id'] = credentialSubject.id\n }\n\n Object.entries(credentialSubject).forEach(([key, value]) => {\n if (!(key in allClaims)) {\n allClaims[key] = value\n }\n })\n\n claims.push({\n id: key,\n type: vc.type[0],\n claims: allClaims\n })\n }\n } else {\n claims.push({\n id: key,\n type: (presentationDecoded as SdJwtDecodedVerifiableCredential).decodedPayload.vct,\n claims: presentationOrClaims\n })\n }\n }\n\n // const claimsPromises = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)\n // .map(async (presentation: OriginalVerifiablePresentation) => {\n // const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(\n // presentation,\n // //todo: later we want to conditionally pass in options for mdl-mdoc here\n // hasher,\n // )\n //\n //\n //\n // return {\n // id: presentationDecoded.id\n // }\n //\n // })\n\n // // todo this should also include mdl-mdoc\n // const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(\n // responseState.response.payload.vp_token as OriginalVerifiablePresentation,\n // //todo: later we want to conditionally pass in options for mdl-mdoc here\n // hasher,\n // )\n // console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)\n\n responseState.verifiedData = {\n ...(responseState.response.payload.vp_token && {\n authorization_response: {\n vp_token: typeof responseState.response.payload.vp_token === 'string' // TODO we might not need this string check\n ? JSON.parse(responseState.response.payload.vp_token)\n : responseState.response.payload.vp_token\n }\n }),\n credential_claims: claims//(this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []).map()\n }\n\n // switch (args.includeVerifiedData) {\n // case VerifiedDataMode.VERIFIED_PRESENTATION:\n // responseState.response.payload.verifiedData = this.presentationOrClaimsFrom(presentationDecoded)\n // break\n // case VerifiedDataMode.CREDENTIAL_SUBJECT_FLATTENED: // TODO debug cs-flat for SD-JWT\n // const allClaims: AdditionalClaims = {}\n // for (const credential of this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []) {\n // const vc = credential as IVerifiableCredential\n // const schemaValidationResult = await context.agent.cvVerifySchema({\n // credential,\n // hasher,\n // validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,\n // })\n // if (!schemaValidationResult.result) {\n // responseState.status = AuthorizationResponseStateStatus.ERROR\n // responseState.error = new Error(schemaValidationResult.error)\n // return responseState\n // }\n //\n // const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims\n // if (!('id' in allClaims)) {\n // allClaims['id'] = credentialSubject.id\n // }\n //\n // Object.entries(credentialSubject).forEach(([key, value]) => {\n // if (!(key in allClaims)) {\n // allClaims[key] = value\n // }\n // })\n // }\n // responseState.verifiedData = allClaims\n // break\n // }\n }\n return responseState\n }\n\n private presentationOrClaimsFrom = (\n presentationDecoded:\n | JwtDecodedVerifiablePresentation\n | IVerifiablePresentation\n | SdJwtDecodedVerifiableCredential\n | MdocOid4vpMdocVpToken\n | MdocDeviceResponse\n ): AdditionalClaims | IPresentation => {\n return CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)\n ? presentationDecoded.decodedPayload\n : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)\n }\n\n private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {\n if (args.state !== 'authorization_request_created') {\n throw Error(`Only 'authorization_request_created' status is supported for this method at this point`)\n }\n return await this.getRPInstance({ queryId: args.queryId }, context)\n // todo: In the SIOP library we need to update the signal method to be more like this method\n .then((rp) =>\n rp.get(context).then(async (rp) => {\n await rp.signalAuthRequestRetrieved({\n correlationId: args.correlationId,\n error: args.error ? new Error(args.error) : undefined,\n })\n return (await rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, true)) as AuthorizationRequestState\n }),\n )\n }\n\n private async siopDeleteState(args: IGetAuthResponseStateArgs, context: IRequiredContext): Promise<boolean> {\n return await this.getRPInstance({ queryId: args.queryId }, context)\n .then((rp) => rp.get(context).then((rp) => rp.sessionManager.deleteStateForCorrelationId(args.correlationId)))\n .then(() => true)\n }\n\n private async siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse> {\n if (!args.authorizationResponse) {\n throw Error('No SIOPv2 Authorization Response received')\n }\n const authResponse =\n typeof args.authorizationResponse === 'string'\n ? (decodeUriAsJson(args.authorizationResponse) as AuthorizationResponsePayload)\n : args.authorizationResponse\n return await this.getRPInstance({ queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.verifyAuthorizationResponse(authResponse, {\n correlationId: args.correlationId,\n ...(args.dcqlQueryPayload ? { dcqlQuery: args.dcqlQueryPayload.dcqlQuery } : {}),\n audience: args.audience,\n }),\n ),\n )\n }\n\n private async siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void> {\n const { queries, tenantId, version, versionControlMode } = args\n await Promise.all(\n queries.map(async (definitionPair) => {\n const definitionPayload = definitionPair.definitionPayload\n if (!definitionPayload && !definitionPair.dcqlPayload) {\n return Promise.reject(Error('Either dcqlPayload or definitionPayload must be suppplied'))\n }\n\n let definitionId: string\n if (definitionPair.dcqlPayload) {\n DcqlQuery.validate(definitionPair.dcqlPayload.dcqlQuery)\n console.log(`persisting DCQL definition ${definitionPair.dcqlPayload.queryId} with versionControlMode ${versionControlMode}`)\n definitionId = definitionPair.dcqlPayload.queryId\n }\n if (definitionPayload) {\n await context.agent.pexValidateDefinition({ definition: definitionPayload })\n console.log(`persisting PEX definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`)\n definitionId = definitionPayload.id\n }\n\n return context.agent.pdmPersistDefinition({\n definitionItem: {\n definitionId: definitionId!,\n tenantId: tenantId,\n version: version,\n definitionPayload,\n dcqlPayload: definitionPair.dcqlPayload,\n },\n opts: { versionControlMode: versionControlMode },\n })\n }),\n )\n }\n\n private async siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined> {\n const instanceId = args.queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (this.instances.has(instanceId)) {\n const rpInstance = this.instances.get(instanceId)\n if (rpInstance !== undefined) {\n const rp = await rpInstance.get(context)\n return rp.getResponseRedirectUri({\n correlation_id: args.correlationId,\n correlationId: args.correlationId,\n ...(args.state && { state: args.state }),\n })\n }\n }\n return undefined\n }\n\n async getRPInstance({ queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {\n const instanceId = queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (!this.instances.has(instanceId)) {\n const instanceOpts = this.getInstanceOpts(queryId)\n const rpOpts = await this.getRPOptions(context, { queryId, responseRedirectURI: responseRedirectURI })\n if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function') {\n if (!rpOpts.identifierOpts?.resolveOpts) {\n rpOpts.identifierOpts = { ...rpOpts.identifierOpts }\n rpOpts.identifierOpts.resolveOpts = { ...rpOpts.identifierOpts.resolveOpts }\n }\n console.log('Using agent DID resolver for RP instance with definition id ' + queryId)\n rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver(context, {\n uniresolverResolution: true,\n localResolution: true,\n resolverResolution: true,\n })\n }\n this.instances.set(instanceId, new RPInstance({ rpOpts, pexOpts: instanceOpts }))\n }\n const rpInstance = this.instances.get(instanceId)!\n if (responseRedirectURI) {\n rpInstance.rpOptions.responseRedirectUri = responseRedirectURI\n }\n return rpInstance\n }\n\n async getRPOptions(context: IRequiredContext, opts: { queryId?: string; responseRedirectURI?: string }): Promise<IRPOptions> {\n const { queryId, responseRedirectURI: responseRedirectURI } = opts\n const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${queryId}`)\n }\n if (this.opts.defaultOpts) {\n if (!options.identifierOpts) {\n options.identifierOpts = this.opts.defaultOpts?.identifierOpts\n } else {\n if (!options.identifierOpts.idOpts) {\n options.identifierOpts.idOpts = this.opts.defaultOpts.identifierOpts.idOpts\n }\n if (!options.identifierOpts.supportedDIDMethods) {\n options.identifierOpts.supportedDIDMethods = this.opts.defaultOpts.identifierOpts.supportedDIDMethods\n }\n if (!options.supportedVersions) {\n options.supportedVersions = this.opts.defaultOpts.supportedVersions\n }\n }\n if (!options.identifierOpts.resolveOpts || typeof options.identifierOpts.resolveOpts.resolver?.resolve !== 'function') {\n options.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver:\n this.opts.defaultOpts.identifierOpts?.resolveOpts?.resolver ??\n getAgentResolver(context, { localResolution: true, resolverResolution: true, uniresolverResolution: true }),\n }\n }\n }\n if (responseRedirectURI !== undefined && responseRedirectURI !== options.responseRedirectUri) {\n options.responseRedirectUri = responseRedirectURI\n }\n return options\n }\n\n getInstanceOpts(definitionId?: string): IPEXInstanceOptions | undefined {\n if (!this.opts.instanceOpts) return undefined\n\n const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.queryId === definitionId) : undefined\n\n return instanceOpt ?? this.getDefaultOptions(definitionId)\n }\n\n private getDefaultOptions(definitionId: string | undefined) {\n if (!this.opts.instanceOpts) return undefined\n\n const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === 'default')\n if (defaultOptions) {\n const clonedOptions = { ...defaultOptions }\n if (definitionId !== undefined) {\n clonedOptions.queryId = definitionId\n }\n return clonedOptions\n }\n\n return undefined\n }\n}\n","import {\n ClientIdentifierPrefix,\n ClientMetadataOpts,\n InMemoryRPSessionManager,\n PassBy,\n PresentationVerificationCallback,\n PresentationVerificationResult,\n PropertyTarget,\n ResponseMode,\n ResponseType,\n RevocationVerification,\n RP,\n RPBuilder,\n Scope,\n SubjectType,\n SupportedVersion,\n VerifyJwtCallback\n} from '@sphereon/did-auth-siop'\nimport { CreateJwtCallback, JwtHeader, JwtIssuer, JwtPayload, SigningAlgo } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { getAgentDIDMethods, getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n isExternalIdentifierOIDFEntityIdOpts,\n isManagedIdentifierDidOpts,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cOpts,\n ManagedIdentifierOptsOrResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { JwtCompactResult } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { IVerifySdJwtPresentationResult } from '@sphereon/ssi-sdk.sd-jwt'\nimport {\n CredentialMapper,\n HasherSync,\n OriginalVerifiableCredential,\n PresentationSubmission\n} from '@sphereon/ssi-types'\nimport { IVerifyCallbackArgs, IVerifyCredentialResult, VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { TKeyType } from '@veramo/core'\nimport { JWTVerifyOptions } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\nimport { IPEXOptions, IRequiredContext, IRPOptions, ISIOPIdentifierOptions } from './types/ISIOPv2RP'\nimport { DcqlQuery } from 'dcql'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport function getRequestVersion(rpOptions: IRPOptions): SupportedVersion {\n if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {\n return rpOptions.supportedVersions[0]\n }\n return SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1\n}\n\nfunction getWellKnownDIDVerifyCallback(siopIdentifierOpts: ISIOPIdentifierOptions, context: IRequiredContext) {\n return siopIdentifierOpts.wellknownDIDVerifyCallback\n ? siopIdentifierOpts.wellknownDIDVerifyCallback\n : async (args: IVerifyCallbackArgs): Promise<IVerifyCredentialResult> => {\n const result = await context.agent.cvVerifyCredential({\n credential: args.credential as OriginalVerifiableCredential,\n fetchRemoteContexts: true,\n })\n return { verified: result.result }\n }\n}\n\nexport function getPresentationVerificationCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): PresentationVerificationCallback {\n async function presentationVerificationCallback(\n args: any, // FIXME any\n presentationSubmission?: PresentationSubmission,\n ): Promise<PresentationVerificationResult> {\n if (CredentialMapper.isSdJwtEncoded(args)) {\n const result: IVerifySdJwtPresentationResult = await context.agent.verifySdJwtPresentation({\n presentation: args\n })\n // fixme: investigate the correct way to handle this\n return { verified: !!result.payload }\n }\n\n if (CredentialMapper.isMsoMdocOid4VPEncoded(args)) {\n // TODO Funke reevaluate\n if (context.agent.mdocOid4vpRPVerify === undefined) {\n return Promise.reject('ImDLMdoc agent plugin must be enabled to support MsoMdoc types')\n }\n if (presentationSubmission !== undefined && presentationSubmission !== null) {\n const verifyResult = await context.agent.mdocOid4vpRPVerify({\n vp_token: args,\n presentation_submission: presentationSubmission,\n })\n return { verified: !verifyResult.error }\n }\n throw Error(`mdocOid4vpRPVerify(...) method requires a presentation submission`)\n }\n\n const result = await context.agent.verifyPresentation({\n presentation: args,\n fetchRemoteContexts: true,\n domain: (await context.agent.identifierManagedGet(idOpts)).kid?.split('#')[0],\n })\n return { verified: result.verified }\n }\n\n return presentationVerificationCallback\n}\n\nexport async function createRPBuilder(args: {\n rpOpts: IRPOptions\n pexOpts?: IPEXOptions | undefined\n definition?: IPresentationDefinition\n dcql?: DcqlQuery\n context: IRequiredContext\n}): Promise<RPBuilder> {\n const { rpOpts, pexOpts, context } = args\n const { identifierOpts } = rpOpts\n let definition: IPresentationDefinition | undefined = args.definition\n let dcqlQuery: DcqlQuery | undefined = args.dcql\n\n if (!definition && pexOpts && pexOpts.queryId) {\n const presentationDefinitionItems = await context.agent.pdmGetDefinitions({\n filter: [\n {\n definitionId: pexOpts.queryId,\n version: pexOpts.version,\n tenantId: pexOpts.tenantId,\n },\n ],\n })\n\n if (presentationDefinitionItems.length > 0) {\n const presentationDefinitionItem = presentationDefinitionItems[0]\n if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {\n dcqlQuery = presentationDefinitionItem.dcqlPayload.dcqlQuery as DcqlQuery // cast from DcqlQueryREST back to valibot DcqlQuery\n }\n }\n }\n\n const didMethods = identifierOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter()\n\n const defaultClientMetadata: ClientMetadataOpts = {\n // FIXME: All of the below should be configurable. Some should come from builder, some should be determined by the agent.\n // For now it is either preconfigured or everything passed in as a single object\n idTokenSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n requestObjectSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n responseTypesSupported: [ResponseType.ID_TOKEN], // added newly\n client_name: 'Sphereon',\n vpFormatsSupported: {\n jwt_vc: { alg: ['EdDSA', 'ES256K'] },\n jwt_vp: { alg: ['ES256K', 'EdDSA'] },\n },\n scopesSupported: [Scope.OPENID_DIDAUTHN],\n subjectTypesSupported: [SubjectType.PAIRWISE],\n subject_syntax_types_supported: didMethods.map((method) => `did:${method}`),\n passBy: PassBy.VALUE,\n }\n\n const resolver =\n rpOpts.identifierOpts.resolveOpts?.resolver ??\n getAgentResolver(context, {\n resolverResolution: true,\n localResolution: true,\n uniresolverResolution: rpOpts.identifierOpts.resolveOpts?.noUniversalResolverFallback !== true,\n })\n //todo: probably wise to first look and see if we actually need the hasher to begin with\n let hasher: HasherSync | undefined = rpOpts.credentialOpts?.hasher\n if (!rpOpts.credentialOpts?.hasher || typeof rpOpts.credentialOpts?.hasher !== 'function') {\n hasher = defaultHasher\n }\n\n const builder = RP.builder({ requestVersion: getRequestVersion(rpOpts) })\n .withScope('openid', PropertyTarget.REQUEST_OBJECT)\n .withResponseMode(rpOpts.responseMode ?? ResponseMode.POST)\n .withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT)\n // todo: move to options fill/correct method\n .withSupportedVersions(\n rpOpts.supportedVersions ?? [SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1, SupportedVersion.SIOPv2_ID1, SupportedVersion.SIOPv2_D11],\n )\n\n .withEventEmitter(eventEmitter)\n .withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter))\n .withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT)\n .withVerifyJwtCallback(\n rpOpts.verifyJwtCallback\n ? rpOpts.verifyJwtCallback\n : getVerifyJwtCallback(\n {\n resolver,\n verifyOpts: {\n wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),\n checkLinkedDomain: 'if_present',\n },\n },\n context,\n ),\n )\n .withRevocationVerification(RevocationVerification.NEVER)\n .withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context))\n\n const oidfOpts = identifierOpts.oidfOpts\n if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {\n builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT)\n } else {\n const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts)\n const clientId: string = rpOpts.clientMetadataOpts?.client_id ?? resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint)\n const clientIdPrefixed = prefixClientId(clientId)\n builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT)\n }\n\n if (hasher) {\n builder.withHasher(hasher)\n }\n //fixme: this has been removed in the new version of did-auth-siop\n /*if (!rpOpts.clientMetadataOpts?.subjectTypesSupported) {\n // Do not update in case it is already provided via client metadata opts\n didMethods.forEach((method) => builder.addDidMethod(method))\n }*/\n //fixme: this has been removed in the new version of did-auth-siop\n // builder.withWellknownDIDVerifyCallback(getWellKnownDIDVerifyCallback(didOpts, context))\n\n if (dcqlQuery) {\n builder.withDcqlQuery(dcqlQuery)\n }\n\n if (rpOpts.responseRedirectUri) {\n builder.withResponseRedirectUri(rpOpts.responseRedirectUri)\n }\n\n //const key = resolution.key\n //fixme: this has been removed in the new version of did-auth-siop\n //builder.withSuppliedSignature(SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo), did, kid, getSigningAlgo(key.type))\n\n /*if (isManagedIdentifierDidResult(resolution)) {\n //fixme: only accepts dids in version used. New SIOP lib also accepts other types\n builder.withSuppliedSignature(\n SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo),\n resolution.did,\n resolution.kid,\n getSigningAlgo(key.type),\n )\n }*/\n //fixme: signcallback and it's return type are not totally compatible with our CreateJwtCallbackBase\n const createJwtCallback = signCallback(rpOpts.identifierOpts.idOpts, context)\n builder.withCreateJwtCallback(createJwtCallback satisfies CreateJwtCallback<any>)\n return builder\n}\n\nexport function signCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => Promise<string> {\n return async (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => {\n if (!(isManagedIdentifierDidOpts(idOpts) || isManagedIdentifierX5cOpts(idOpts))) {\n return Promise.reject(Error(`JWT issuer method ${jwtIssuer.method} not yet supported`))\n }\n const result: JwtCompactResult = await context.agent.jwtCreateJwsCompactSignature({\n // FIXME fix cose-key inference\n // @ts-ignore\n issuer: { identifier: idOpts.identifier, kmsKeyRef: idOpts.kmsKeyRef, noIdentifierInHeader: false },\n // FIXME fix JWK key_ops\n // @ts-ignore\n protectedHeader: jwt.header,\n payload: jwt.payload,\n })\n return result.jwt\n }\n}\n\nfunction getVerifyJwtCallback(\n _opts: {\n resolver?: Resolvable\n verifyOpts?: JWTVerifyOptions & {\n checkLinkedDomain: 'never' | 'if_present' | 'always'\n wellknownDIDVerifyCallback?: VerifyCallback\n }\n },\n context: IRequiredContext,\n): VerifyJwtCallback {\n return async (_jwtVerifier, jwt) => {\n const result = await context.agent.jwtVerifyJwsSignature({ jws: jwt.raw })\n console.log(result.message)\n return !result.error\n }\n}\n\nexport async function createRP({ rpOptions, context }: { rpOptions: IRPOptions; context: IRequiredContext }): Promise<RP> {\n return (await createRPBuilder({ rpOpts: rpOptions, context })).build()\n}\n\nexport function getSigningAlgo(type: TKeyType): SigningAlgo {\n switch (type) {\n case 'Ed25519':\n return SigningAlgo.EDDSA\n case 'Secp256k1':\n return SigningAlgo.ES256K\n case 'Secp256r1':\n return SigningAlgo.ES256\n // @ts-ignore\n case 'RSA':\n return SigningAlgo.RS256\n default:\n throw Error('Key type not yet supported')\n }\n}\n\nexport function prefixClientId(clientId: string): string {\n // FIXME SSISDK-60\n if (clientId.startsWith('did:')) {\n return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`;\n }\n\n return clientId;\n}\n","import { AuthorizationRequest, RP, URI } from '@sphereon/did-auth-siop'\nimport { ICreateAuthRequestArgs, IPEXOptions, IRequiredContext, IRPOptions } from './types/ISIOPv2RP'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { createRPBuilder, getRequestVersion, getSigningAlgo } from './functions'\nimport { v4 as uuidv4 } from 'uuid'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport {\n ensureManagedIdentifierResult,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\n\nexport class RPInstance {\n private _rp: RP | undefined\n private readonly _pexOptions: IPEXOptions | undefined\n private readonly _rpOptions: IRPOptions\n\n public constructor({ rpOpts, pexOpts }: { rpOpts: IRPOptions; pexOpts?: IPEXOptions }) {\n this._rpOptions = rpOpts\n this._pexOptions = pexOpts\n }\n\n public async get(context: IRequiredContext): Promise<RP> {\n if (!this._rp) {\n const builder = await createRPBuilder({\n rpOpts: this._rpOptions,\n pexOpts: this._pexOptions,\n context,\n })\n this._rp = builder.build()\n }\n return this._rp!\n }\n\n get rpOptions() {\n return this._rpOptions\n }\n\n get pexOptions() {\n return this._pexOptions\n }\n\n public hasDefinition(): boolean {\n return this.definitionId !== undefined\n }\n\n get definitionId(): string | undefined {\n return this.pexOptions?.queryId\n }\n\n public async getPresentationDefinition(context: IRequiredContext): Promise<IPresentationDefinition | undefined> {\n return this.definitionId\n ? await context.agent.pexStoreGetDefinition({\n definitionId: this.definitionId,\n tenantId: this.pexOptions?.tenantId,\n })\n : undefined\n }\n\n public async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<URI> {\n const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n let jwtIssuer: JwtIssuer\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = { didUrl: resolution.kid, method: 'did', alg: getSigningAlgo(resolution.key.type) }\n } else if (isManagedIdentifierX5cResult(resolution)) {\n if (!resolution.issuer) {\n return Promise.reject('missing issuer in idOpts')\n }\n jwtIssuer = {\n issuer: resolution.issuer,\n x5c: resolution.x5c,\n method: 'x5c',\n alg: getSigningAlgo(resolution.key.type),\n }\n } else {\n return Promise.reject(Error(`JWT issuer method ${resolution.method} not yet supported`))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequestURI({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n queryId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURI,\n responseURIType,\n jwtIssuer,\n callback\n }),\n )\n }\n\n public async createAuthorizationRequest(\n createArgs: Omit<ICreateAuthRequestArgs, 'queryId'>,\n context: IRequiredContext,\n ): Promise<AuthorizationRequest> {\n const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n\n let jwtIssuer: JwtIssuer\n if (isManagedIdentifierX5cResult(resolution) && resolution.issuer) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n x5c: resolution.x5c,\n issuer: resolution.issuer,\n }\n } else if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n didUrl: resolution.did,\n }\n } else {\n return Promise.reject(Error('Only did & x5c supported at present'))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequest({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURIType,\n responseURI,\n jwtIssuer,\n }),\n )\n }\n}\n","import {\n AuthorizationRequestPayload,\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseStateWithVerifiedData,\n CallbackOpts,\n ClaimPayloadCommonOpts,\n ClientMetadataOpts,\n IRPSessionManager,\n PresentationVerificationCallback,\n RequestObjectPayload,\n ResponseMode,\n ResponseURIType,\n SupportedVersion,\n VerifiedAuthorizationResponse,\n VerifyJwtCallback,\n} from '@sphereon/did-auth-siop'\nimport { CheckLinkedDomain } from '@sphereon/did-auth-siop-adapter'\nimport { DIDDocument } from '@sphereon/did-uni-client'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { ExternalIdentifierOIDFEntityIdOpts, IIdentifierResolution, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { ICredentialValidation, SchemaValidation } from '@sphereon/ssi-sdk.credential-validation'\nimport { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc'\nimport { IPDManager, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager'\nimport { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'\nimport { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt'\nimport { AuthorizationRequestStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { DcqlQueryPayload, HasherSync } from '@sphereon/ssi-types'\nimport { VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { IAgentContext, ICredentialVerifier, IDIDManager, IKeyManager, IPluginMethodMap, IResolver } from '@veramo/core'\n\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\n\nexport enum VerifiedDataMode {\n NONE = 'none',\n VERIFIED_PRESENTATION = 'vp',\n CREDENTIAL_SUBJECT_FLATTENED = 'cs-flat',\n}\n\nexport interface ISIOPv2RP extends IPluginMethodMap {\n siopCreateAuthRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string>\n siopCreateAuthRequestPayloads(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<IAuthorizationRequestPayloads>\n siopGetAuthRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined>\n siopGetAuthResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined>\n siopUpdateAuthRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState>\n siopDeleteAuthState(args: IDeleteAuthStateArgs, context: IRequiredContext): Promise<boolean>\n siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse>\n siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void>\n siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined>\n}\n\nexport interface ISiopv2RPOpts {\n defaultOpts?: IRPDefaultOpts\n instanceOpts?: IPEXInstanceOptions[]\n}\n\nexport interface IRPDefaultOpts extends IRPOptions {}\n\nexport interface ICreateAuthRequestArgs {\n queryId: string\n correlationId: string\n useQueryIdInstance?: boolean\n responseURIType: ResponseURIType\n responseURI: string\n responseRedirectURI?: string\n jwtIssuer?: JwtIssuer\n requestByReferenceURI?: string\n nonce?: string\n state?: string\n claims?: ClaimPayloadCommonOpts\n callback?: CallbackOpts\n}\n\nexport interface IGetAuthRequestStateArgs {\n correlationId: string\n queryId?: string\n errorOnNotFound?: boolean\n}\n\nexport interface IGetAuthResponseStateArgs {\n correlationId: string\n queryId?: string\n errorOnNotFound?: boolean\n progressRequestStateTo?: AuthorizationRequestStateStatus\n //includeVerifiedData?: VerifiedDataMode\n}\n\nexport interface IUpdateRequestStateArgs {\n queryId?: string\n correlationId: string\n state: AuthorizationRequestStateStatus\n error?: string\n}\n\nexport interface IDeleteAuthStateArgs {\n correlationId: string\n queryId?: string\n}\n\nexport interface IVerifyAuthResponseStateArgs {\n authorizationResponse: string | AuthorizationResponsePayload\n queryId?: string\n correlationId: string\n audience?: string\n dcqlQueryPayload?: DcqlQueryPayload\n}\n\nexport interface IDefinitionPair {\n definitionPayload?: IPresentationDefinition\n dcqlPayload?: DcqlQueryPayload\n}\n\nexport interface ImportDefinitionsArgs {\n queries: Array<IDefinitionPair>\n tenantId?: string\n version?: string\n versionControlMode?: VersionControlMode\n}\n\nexport interface IGetRedirectUriArgs {\n correlationId: string\n queryId?: string\n state?: string\n}\n\nexport interface IAuthorizationRequestPayloads {\n authorizationRequest: AuthorizationRequestPayload\n requestObject?: string\n requestObjectDecoded?: RequestObjectPayload\n}\n\nexport interface IPEXDefinitionPersistArgs extends IPEXInstanceOptions {\n definition: IPresentationDefinition\n ttl?: number\n}\n\nexport interface ISiopRPInstanceArgs {\n queryId?: string\n responseRedirectURI?: string\n}\n\nexport interface IPEXInstanceOptions extends IPEXOptions {\n rpOpts?: IRPOptions\n}\n\nexport interface IRPOptions {\n responseMode?: ResponseMode\n supportedVersions?: SupportedVersion[] // The supported version by the RP. The first version will be the default version\n sessionManager?: IRPSessionManager\n clientMetadataOpts?: ClientMetadataOpts\n expiresIn?: number\n eventEmitter?: EventEmitter\n credentialOpts?: CredentialOpts\n verificationPolicies?: VerificationPolicies\n identifierOpts: ISIOPIdentifierOptions\n verifyJwtCallback?: VerifyJwtCallback\n responseRedirectUri?: string\n}\n\nexport interface IPEXOptions {\n presentationVerifyCallback?: PresentationVerificationCallback\n // definition?: IPresentationDefinition\n queryId: string\n version?: string\n tenantId?: string\n}\n\nexport type VerificationPolicies = {\n schemaValidation: SchemaValidation\n}\n\nexport interface PerDidResolver {\n didMethod: string\n resolver: Resolvable\n}\n\nexport interface IAuthRequestDetails {\n rpDIDDocument?: DIDDocument\n id: string\n alsoKnownAs?: string[]\n}\n\nexport interface ISIOPIdentifierOptions extends Omit<IDIDOptions, 'idOpts'> {\n // we replace the legacy idOpts with the Managed Identifier opts from the identifier resolution module\n idOpts: ManagedIdentifierOptsOrResult\n oidfOpts?: ExternalIdentifierOIDFEntityIdOpts\n checkLinkedDomains?: CheckLinkedDomain\n wellknownDIDVerifyCallback?: VerifyCallback\n}\n\n// todo make the necessary changes for mdl-mdoc types\nexport type CredentialOpts = {\n hasher?: HasherSync\n}\n\nexport type IRequiredContext = IAgentContext<\n IResolver &\n IDIDManager &\n IKeyManager &\n IIdentifierResolution &\n ICredentialValidation &\n ICredentialVerifier &\n IPresentationExchange &\n IPDManager &\n ISDJwtPlugin &\n IJwtService &\n ImDLMdoc\n>\n"],"mappings":";;;;AAAA;AAAA,EACE,6BAA+B;AAAA,IAC7B,YAAc;AAAA,MACZ,SAAW;AAAA,QACT,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,0BAA4B;AAAA,UAC1B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,iBAAmB;AAAA,kBACjB,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,cACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,YACpD;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,YAAY;AAAA,UACzB,aAAe;AAAA,QACjB;AAAA,QACA,wBAA0B;AAAA,UACxB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,2BAA6B;AAAA,UAC3B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,WAAa;AAAA,UACX,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,QAAU;AAAA,cACR,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,QAAQ;AAAA,UACrB,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,gCAAkC;AAAA,UAChC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,KAAO;AAAA,cACL,MAAQ;AAAA,YACV;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,UACpD,aAAe;AAAA,QACjB;AAAA,QACA,0CAA4C;AAAA,UAC1C,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,QACA,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,IAAM;AAAA,cACJ,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,OAAS;AAAA,gBACP,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,UACnC,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,UAC1D,aAAe;AAAA,QACjB;AAAA,QACA,8BAAgC;AAAA,UAC9B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,yBAA2B;AAAA,cACzB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW,YAAY;AAAA,UACpC,aAAe;AAAA,QACjB;AAAA,QACA,qCAAuC;AAAA,UACrC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,MACF;AAAA,MACA,SAAW;AAAA,QACT,mBAAqB;AAAA,UACnB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,wBAA0B;AAAA,UACxB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,qCAAuC;AAAA,UACrC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,gCAAkC;AAAA,UAChC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACxUA,SAIEA,kCAEAC,uBAEK;AACP,SAASC,oBAAAA,yBAAwB;AACjC,SAASC,aAAaC,sBAAqB;AAC3C,SAEEC,oBAAAA,yBAeK;AAEP,SAASC,iBAAiB;;;AC9B1B,SACEC,wBAEAC,0BACAC,QAGAC,gBACAC,cACAC,cACAC,wBACAC,IAEAC,OACAC,aACAC,wBAEK;AACP,SAA8DC,mBAAmB;AAEjF,SAASC,oBAAoBC,wBAAwB;AACrD,SACEC,sCACAC,4BACAC,8BACAC,kCAEK;AAGP,SACEC,wBAIK;AAKP,SAASC,oBAAoB;AAG7B,SAASC,qBAAqB;AAEvB,SAASC,kBAAkBC,WAAqB;AACrD,MAAIC,MAAMC,QAAQF,UAAUG,iBAAiB,KAAKH,UAAUG,kBAAkBC,SAAS,GAAG;AACxF,WAAOJ,UAAUG,kBAAkB,CAAA;EACrC;AACA,SAAOE,iBAAiBC;AAC1B;AALgBP;AAOhB,SAASQ,8BAA8BC,oBAA4CC,SAAyB;AAC1G,SAAOD,mBAAmBE,6BACtBF,mBAAmBE,6BACnB,OAAOC,SAAAA;AACL,UAAMC,SAAS,MAAMH,QAAQI,MAAMC,mBAAmB;MACpDC,YAAYJ,KAAKI;MACjBC,qBAAqB;IACvB,CAAA;AACA,WAAO;MAAEC,UAAUL,OAAOA;IAAO;EACnC;AACN;AAVSL;AAYF,SAASW,oCACdC,QACAV,SAAyB;AAEzB,iBAAeW,iCACbT,MACAU,wBAA+C;AAE/C,QAAIC,iBAAiBC,eAAeZ,IAAAA,GAAO;AACzC,YAAMC,UAAyC,MAAMH,QAAQI,MAAMW,wBAAwB;QACzFC,cAAcd;MAChB,CAAA;AAEA,aAAO;QAAEM,UAAU,CAAC,CAACL,QAAOc;MAAQ;IACtC;AAEA,QAAIJ,iBAAiBK,uBAAuBhB,IAAAA,GAAO;AAEjD,UAAIF,QAAQI,MAAMe,uBAAuBC,QAAW;AAClD,eAAOC,QAAQC,OAAO,gEAAA;MACxB;AACA,UAAIV,2BAA2BQ,UAAaR,2BAA2B,MAAM;AAC3E,cAAMW,eAAe,MAAMvB,QAAQI,MAAMe,mBAAmB;UAC1DK,UAAUtB;UACVuB,yBAAyBb;QAC3B,CAAA;AACA,eAAO;UAAEJ,UAAU,CAACe,aAAaG;QAAM;MACzC;AACA,YAAMC,MAAM,mEAAmE;IACjF;AAEA,UAAMxB,SAAS,MAAMH,QAAQI,MAAMwB,mBAAmB;MACpDZ,cAAcd;MACdK,qBAAqB;MACrBsB,SAAS,MAAM7B,QAAQI,MAAM0B,qBAAqBpB,MAAAA,GAASqB,KAAKC,MAAM,GAAA,EAAK,CAAA;IAC7E,CAAA;AACA,WAAO;MAAExB,UAAUL,OAAOK;IAAS;EACrC;AAjCeG;AAmCf,SAAOA;AACT;AAxCgBF;AA0ChB,eAAsBwB,gBAAgB/B,MAMrC;AACC,QAAM,EAAEgC,QAAQC,SAASnC,QAAO,IAAKE;AACrC,QAAM,EAAEkC,eAAc,IAAKF;AAC3B,MAAIG,aAAkDnC,KAAKmC;AAC3D,MAAIC,YAAmCpC,KAAKqC;AAE5C,MAAI,CAACF,cAAcF,WAAWA,QAAQK,SAAS;AAC7C,UAAMC,8BAA8B,MAAMzC,QAAQI,MAAMsC,kBAAkB;MACxEC,QAAQ;QACN;UACEC,cAAcT,QAAQK;UACtBK,SAASV,QAAQU;UACjBC,UAAUX,QAAQW;QACpB;;IAEJ,CAAA;AAEA,QAAIL,4BAA4B9C,SAAS,GAAG;AAC1C,YAAMoD,6BAA6BN,4BAA4B,CAAA;AAC/D,UAAI,CAACH,aAAaS,2BAA2BC,aAAa;AACxDV,oBAAYS,2BAA2BC,YAAYV;MACrD;IACF;EACF;AAEA,QAAMW,aAAab,eAAec,uBAAwB,MAAMC,mBAAmBnD,OAAAA;AACnF,QAAMoD,eAAelB,OAAOkB,gBAAgB,IAAIC,aAAAA;AAEhD,QAAMC,wBAA4C;;;IAGhDC,kCAAkC;MAACC,YAAYC;MAAOD,YAAYE;MAAOF,YAAYG;;IACrFC,wCAAwC;MAACJ,YAAYC;MAAOD,YAAYE;MAAOF,YAAYG;;IAC3FE,wBAAwB;MAACC,aAAaC;;IACtCC,aAAa;IACbC,oBAAoB;MAClBC,QAAQ;QAAEC,KAAK;UAAC;UAAS;;MAAU;MACnCC,QAAQ;QAAED,KAAK;UAAC;UAAU;;MAAS;IACrC;IACAE,iBAAiB;MAACC,MAAMC;;IACxBC,uBAAuB;MAACC,YAAYC;;IACpCC,gCAAgC1B,WAAW2B,IAAI,CAACC,WAAW,OAAOA,MAAAA,EAAQ;IAC1EC,QAAQC,OAAOC;EACjB;AAEA,QAAMC,WACJ/C,OAAOE,eAAe8C,aAAaD,YACnCE,iBAAiBnF,SAAS;IACxBoF,oBAAoB;IACpBC,iBAAiB;IACjBC,uBAAuBpD,OAAOE,eAAe8C,aAAaK,gCAAgC;EAC5F,CAAA;AAEF,MAAIC,SAAiCtD,OAAOuD,gBAAgBD;AAC5D,MAAI,CAACtD,OAAOuD,gBAAgBD,UAAU,OAAOtD,OAAOuD,gBAAgBD,WAAW,YAAY;AACzFA,aAASE;EACX;AAEA,QAAMC,UAAUC,GAAGD,QAAQ;IAAEE,gBAAgBvG,kBAAkB4C,MAAAA;EAAQ,CAAA,EACpE4D,UAAU,UAAUC,eAAeC,cAAc,EACjDC,iBAAiB/D,OAAOgE,gBAAgBC,aAAaC,IAAI,EACzDC,iBAAiBvC,aAAawC,UAAUP,eAAeC,cAAc,EAErEO,sBACCrE,OAAOxC,qBAAqB;IAACE,iBAAiBC;IAAgCD,iBAAiB4G;IAAY5G,iBAAiB6G;GAAW,EAGxIC,iBAAiBtD,YAAAA,EACjBuD,mBAAmBzE,OAAO0E,kBAAkB,IAAIC,yBAAyBzD,YAAAA,CAAAA,EACzE0D,mBAAmB5E,OAAO6E,sBAAsBzD,uBAAuByC,eAAeC,cAAc,EACpGgB,sBACC9E,OAAO+E,oBACH/E,OAAO+E,oBACPC,qBACE;IACEjC;IACAkC,YAAY;MACVlH,4BAA4BH,8BAA8BoC,OAAOE,gBAAgBpC,OAAAA;MACjFoH,mBAAmB;IACrB;EACF,GACApH,OAAAA,CAAAA,EAGPqH,2BAA2BC,uBAAuBC,KAAK,EACvDC,6BAA6B/G,oCAAoC2B,eAAe1B,QAAQV,OAAAA,CAAAA;AAE3F,QAAMyH,WAAWrF,eAAeqF;AAChC,MAAIA,YAAYC,qCAAqCD,QAAAA,GAAW;AAC9D9B,YAAQgC,aAAaF,SAASG,YAAY7B,eAAeC,cAAc;EACzE,OAAO;AACL,UAAM6B,aAAa,MAAM7H,QAAQI,MAAM0B,qBAAqBM,eAAe1B,MAAM;AACjF,UAAMoH,WAAmB5F,OAAO6E,oBAAoBgB,aAAaF,WAAWG,WAAWC,6BAA6BJ,UAAAA,IAAcA,WAAWK,MAAML,WAAWM;AAC9J,UAAMC,mBAAmBC,eAAeP,QAAAA;AACxCnC,YAAQ2C,aAAaF,kBAAkBrC,eAAeC,cAAc;EACtE;AAEA,MAAIR,QAAQ;AACVG,YAAQ4C,WAAW/C,MAAAA;EACrB;AASA,MAAIlD,WAAW;AACbqD,YAAQ6C,cAAclG,SAAAA;EACxB;AAEA,MAAIJ,OAAOuG,qBAAqB;AAC9B9C,YAAQ+C,wBAAwBxG,OAAOuG,mBAAmB;EAC5D;AAgBA,QAAME,oBAAoBC,aAAa1G,OAAOE,eAAe1B,QAAQV,OAAAA;AACrE2F,UAAQkD,sBAAsBF,iBAAAA;AAC9B,SAAOhD;AACT;AA3IsB1D;AA6If,SAAS2G,aACdlI,QACAV,SAAyB;AAEzB,SAAO,OAAO8I,WAAsBC,KAAiDhH,QAAAA;AACnF,QAAI,EAAEiH,2BAA2BtI,MAAAA,KAAWuI,2BAA2BvI,MAAAA,IAAU;AAC/E,aAAOW,QAAQC,OAAOK,MAAM,qBAAqBmH,UAAUjE,MAAM,oBAAoB,CAAA;IACvF;AACA,UAAM1E,SAA2B,MAAMH,QAAQI,MAAM8I,6BAA6B;;;MAGhFlB,QAAQ;QAAEJ,YAAYlH,OAAOkH;QAAYuB,WAAWzI,OAAOyI;QAAWC,sBAAsB;MAAM;;;MAGlGC,iBAAiBN,IAAIO;MACrBrI,SAAS8H,IAAI9H;IACf,CAAA;AACA,WAAOd,OAAO4I;EAChB;AACF;AAnBgBH;AAqBhB,SAAS1B,qBACPqC,OAOAvJ,SAAyB;AAEzB,SAAO,OAAOwJ,cAAcT,QAAAA;AAC1B,UAAM5I,SAAS,MAAMH,QAAQI,MAAMqJ,sBAAsB;MAAEC,KAAKX,IAAIY;IAAI,CAAA;AACxEC,YAAQC,IAAI1J,OAAO2J,OAAO;AAC1B,WAAO,CAAC3J,OAAOuB;EACjB;AACF;AAfSwF;AAqBF,SAAS6C,eAAeC,MAAc;AAC3C,UAAQA,MAAAA;IACN,KAAK;AACH,aAAOC,YAAYC;IACrB,KAAK;AACH,aAAOD,YAAYE;IACrB,KAAK;AACH,aAAOF,YAAYG;;IAErB,KAAK;AACH,aAAOH,YAAYI;IACrB;AACE,YAAMC,MAAM,4BAAA;EAChB;AACF;AAdgBP;AAgBT,SAASQ,eAAeC,UAAgB;AAE7C,MAAIA,SAASC,WAAW,MAAA,GAAS;AAC/B,WAAO,GAAGC,uBAAuBC,wBAAwB,IAAIH,QAAAA;EAC/D;AAEA,SAAOA;AACT;AAPgBD;;;AC7ShB,SAASK,MAAMC,cAAc;AAE7B,SACEC,+BACAC,gCAAAA,+BACAC,oCACK;AAEA,IAAMC,aAAN,MAAMA;EATb,OASaA;;;EACHC;EACSC;EACAC;EAEjB,YAAmB,EAAEC,QAAQC,QAAO,GAAmD;AACrF,SAAKF,aAAaC;AAClB,SAAKF,cAAcG;EACrB;EAEA,MAAaC,IAAIC,SAAwC;AACvD,QAAI,CAAC,KAAKN,KAAK;AACb,YAAMO,UAAU,MAAMC,gBAAgB;QACpCL,QAAQ,KAAKD;QACbE,SAAS,KAAKH;QACdK;MACF,CAAA;AACA,WAAKN,MAAMO,QAAQE,MAAK;IAC1B;AACA,WAAO,KAAKT;EACd;EAEA,IAAIU,YAAY;AACd,WAAO,KAAKR;EACd;EAEA,IAAIS,aAAa;AACf,WAAO,KAAKV;EACd;EAEOW,gBAAyB;AAC9B,WAAO,KAAKC,iBAAiBC;EAC/B;EAEA,IAAID,eAAmC;AACrC,WAAO,KAAKF,YAAYI;EAC1B;EAEA,MAAaC,0BAA0BV,SAAyE;AAC9G,WAAO,KAAKO,eACR,MAAMP,QAAQW,MAAMC,sBAAsB;MACxCL,cAAc,KAAKA;MACnBM,UAAU,KAAKR,YAAYQ;IAC7B,CAAA,IACAL;EACN;EAEA,MAAaM,8BAA8BC,YAAoCf,SAAyC;AACtH,UAAM,EAAEgB,eAAeP,SAASQ,QAAQC,uBAAuBC,aAAaC,iBAAiBC,SAAQ,IAAKN;AAC1G,UAAMO,QAAQP,WAAWO,SAASC,OAAAA;AAClC,UAAMC,QAAQT,WAAWS,SAASR;AAClC,QAAIS;AACJ,UAAMC,SAAS,KAAKtB,UAAUuB,eAAeD;AAC7C,UAAME,aAAa,MAAMC,8BAA8BH,QAAQ1B,OAAAA;AAC/D,QAAI8B,8BAA6BF,UAAAA,GAAa;AAC5CH,kBAAY;QAAEM,QAAQH,WAAWI;QAAKC,QAAQ;QAAOC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MAAE;IAChG,WAAWC,6BAA6BV,UAAAA,GAAa;AACnD,UAAI,CAACA,WAAWW,QAAQ;AACtB,eAAOC,QAAQC,OAAO,0BAAA;MACxB;AACAhB,kBAAY;QACVc,QAAQX,WAAWW;QACnBG,KAAKd,WAAWc;QAChBT,QAAQ;QACRC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MACzC;IACF,OAAO;AACL,aAAOG,QAAQC,OAAOE,MAAM,qBAAqBf,WAAWK,MAAM,oBAAoB,CAAA;IACxF;AAEA,WAAO,MAAM,KAAKlC,IAAIC,OAAAA,EAAS4C,KAAK,CAACC,OACnCA,GAAG/B,8BAA8B;MAC/BgC,SAASC,kBAAkB,KAAK3C,SAAS;MACzCY;MACAP;MACAa;MACAE;MACAP;MACAC;MACAC;MACAC;MACAK;MACAJ;IACF,CAAA,CAAA;EAEJ;EAEA,MAAa2B,2BACXjC,YACAf,SAC+B;AAC/B,UAAM,EAAEgB,eAAeC,QAAQC,uBAAuBC,aAAaC,gBAAe,IAAKL;AACvF,UAAMO,QAAQP,WAAWO,SAASC,OAAAA;AAClC,UAAMC,QAAQT,WAAWS,SAASR;AAClC,UAAMU,SAAS,KAAKtB,UAAUuB,eAAeD;AAC7C,UAAME,aAAa,MAAMC,8BAA8BH,QAAQ1B,OAAAA;AAE/D,QAAIyB;AACJ,QAAIa,6BAA6BV,UAAAA,KAAeA,WAAWW,QAAQ;AACjEd,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCK,KAAKd,WAAWc;QAChBH,QAAQX,WAAWW;MACrB;IACF,WAAWT,8BAA6BF,UAAAA,GAAa;AACnDH,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCN,QAAQH,WAAWqB;MACrB;IACF,OAAO;AACL,aAAOT,QAAQC,OAAOE,MAAM,qCAAA,CAAA;IAC9B;AAEA,WAAO,MAAM,KAAK5C,IAAIC,OAAAA,EAAS4C,KAAK,CAACC,OACnCA,GAAGG,2BAA2B;MAC5BF,SAASC,kBAAkB,KAAK3C,SAAS;MACzCY;MACAM;MACAE;MACAP;MACAC;MACAE;MACAD;MACAM;IACF,CAAA,CAAA;EAEJ;AACF;;;AFzFO,IAAMyB,WAAN,MAAMA,UAAAA;EApDb,OAoDaA;;;EACMC;EACjB,OAAwBC,oBAAoB;EAC3BC,YAAqC,oBAAIC,IAAAA;EACjDC,SAASA,sBAAOC;EAEhBC,UAAqB;IAC5BC,0BAA0B,KAAKC,8BAA8BC,KAAK,IAAI;IACtEC,+BAA+B,KAAKC,mCAAmCF,KAAK,IAAI;IAChFG,yBAAyB,KAAKC,oBAAoBJ,KAAK,IAAI;IAC3DK,0BAA0B,KAAKC,qBAAqBN,KAAK,IAAI;IAC7DO,4BAA4B,KAAKC,uBAAuBR,KAAK,IAAI;IACjES,qBAAqB,KAAKC,gBAAgBV,KAAK,IAAI;IACnDW,wBAAwB,KAAKA,uBAAuBX,KAAK,IAAI;IAC7DY,uBAAuB,KAAKA,sBAAsBZ,KAAK,IAAI;IAC3Da,oBAAoB,KAAKA,mBAAmBb,KAAK,IAAI;EACvD;EAEA,YAAYT,MAAqB;AAC/B,SAAKA,OAAOA;EACd;EAEOuB,eAAeC,eAA+BC,SAA2B;AAE9E,SAAKzB,KAAK0B,cAAcF;AAExB,QACE,CAAC,KAAKxB,KAAK0B,YAAYC,eAAeC,aAAaC,YACnD,OAAO,KAAK7B,KAAK0B,YAAYC,eAAeC,YAAYC,SAASC,YAAY,YAC7E;AACA,WAAK9B,KAAK0B,YAAYC,eAAeC,cAAc;QACjD,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;QACxCC,UAAUE,kBAAiBN,SAAS;UAAEO,uBAAuB;UAAMC,oBAAoB;UAAMC,iBAAiB;QAAK,CAAA;MACrH;IACF;EACF;EAEA,MAAc1B,8BAA8B2B,YAAoCV,SAA4C;AAC1H,WAAO,MAAM,KAAKW,cAAc;MAAEC,qBAAqBF,WAAWE;MAAqB,GAAIF,WAAWG,uBAAuB,QAAQ;QAAEC,SAASJ,WAAWI;MAAQ;IAAI,GAAGd,OAAAA,EACvKe,KAAK,CAACC,OAAOA,GAAGjC,8BAA8B2B,YAAYV,OAAAA,CAAAA,EAC1De,KAAK,CAACE,QAAQA,IAAIC,UAAU;EACjC;EAEA,MAAchC,mCACZwB,YACAV,SACwC;AACxC,WAAO,MAAM,KAAKW,cAAc;MAAEG,SAASJ,WAAWI;IAAQ,GAAGd,OAAAA,EAC9De,KAAK,CAACC,OAAOA,GAAGG,2BAA2BT,YAAYV,OAAAA,CAAAA,EACvDe,KAAK,OAAOK,YAAAA;AACX,YAAMC,cAA6C;QACjDC,sBAAsBF,QAAQG;QAC9BC,eAAe,MAAMJ,QAAQK,iBAAgB;QAC7CC,sBAAsBN,QAAQI,eAAeG,WAAAA;MAC/C;AACA,aAAON;IACT,CAAA;EACJ;EAEA,MAAcjC,oBAAoBwC,MAAgC5B,SAA2E;AAC3I,WAAO,MAAM,KAAKW,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EAASe,KAAK,CAACC,OACxEA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,CAACC,QACpBA,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAeJ,KAAKK,eAAe,CAAA,CAAA;EAG/F;EAEA,MAAc3C,qBACZsC,MACA5B,SACiE;AACjE,UAAMkC,aAAyB,MAAM,KAAKvB,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA;AACnF,UAAMmC,6BAAqE,MAAMD,WAC9EL,IAAI7B,OAAAA,EACJe,KAAK,CAACC,OAAOA,GAAGc,eAAeM,gCAAgCR,KAAKI,eAAeJ,KAAKK,eAAe,CAAA;AAC1G,QAAIE,+BAA+BE,QAAW;AAC5C,aAAOA;IACT;AAEA,UAAMC,gBAAgBH;AACtB,QAAIG,cAAcC,WAAWC,iCAAiCC,UAAU;AACtE,UAAIC;AACJ,UACEC,kBAAiBC,eAAeN,cAAcO,SAAStB,QAAQuB,QAAQ,MACtE,CAACZ,WAAWa,UAAUC,gBAAgBN,UAAU,OAAOR,WAAWa,UAAUC,gBAAgBN,WAAW,aACxG;AACAA,iBAASO;MACX;AAEA,YAAMC,UAAUZ,cAAcO,SAAStB,QAAQuB,YAAYK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ;AAC7G,YAAMO,SAAS,CAAA;AACf,iBAAW,CAACC,KAAKC,KAAAA,KAAUC,OAAOC,QAAQP,OAAAA,GAAU;AAClD,cAAMQ,sBAAsBf,kBAAiBgB;UAC3CJ;;UAEAb;QAAAA;AAEFkB,gBAAQC,IAAI,wBAAwBV,KAAKW,UAAUJ,mBAAAA,CAAAA,EAAsB;AAEzE,YAAIK,YAA8B,CAAC;AACnC,cAAMC,uBAAuB,KAAKC,yBAAyBP,mBAAAA;AAC3D,YAAI,0BAA0BM,sBAAsB;AAClD,qBAAWE,cAAcF,qBAAqBG,sBAAsB;AAClE,kBAAMC,KAAKF;AACX,kBAAMG,yBAAyB,MAAMrE,QAAQsE,MAAMC,eAAe;cAChEL;cACAxB;cACA8B,kBAAkBtC,WAAWa,UAAU0B,sBAAsBC;YAC/D,CAAA;AACA,gBAAI,CAACL,uBAAuBM,QAAQ;AAClCrC,4BAAcC,SAASC,iCAAiCoC;AACxDtC,4BAAcuC,QAAQ,IAAIC,MAAMT,uBAAuBQ,KAAK;AAC5D,qBAAOvC;YACT;AAEA,kBAAMyC,oBAAoBX,GAAGW;AAC7B,gBAAI,EAAE,QAAQhB,YAAY;AACxBA,wBAAU,IAAA,IAAQgB,kBAAkBC;YACtC;AAEAxB,mBAAOC,QAAQsB,iBAAAA,EAAmBE,QAAQ,CAAC,CAAC3B,MAAKC,MAAAA,MAAM;AACrD,kBAAI,EAAED,QAAOS,YAAY;AACvBA,0BAAUT,IAAAA,IAAOC;cACnB;YACF,CAAA;AAEAF,mBAAO6B,KAAK;cACVF,IAAI1B;cACJ6B,MAAMf,GAAGe,KAAK,CAAA;cACd9B,QAAQU;YACV,CAAA;UACF;QACF,OAAO;AACLV,iBAAO6B,KAAK;YACVF,IAAI1B;YACJ6B,MAAOzB,oBAAyD0B,eAAeC;YAC/EhC,QAAQW;UACV,CAAA;QACF;MACF;AA0BA1B,oBAAcgD,eAAe;QAC3B,GAAIhD,cAAcO,SAAStB,QAAQuB,YAAY;UAC7CyC,wBAAwB;YACtBzC,UAAU,OAAOR,cAAcO,SAAStB,QAAQuB,aAAa,WACvDK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ,IAClDR,cAAcO,SAAStB,QAAQuB;UACvC;QACF;QACA0C,mBAAmBnC;;MACrB;IAmCF;AACA,WAAOf;EACT;EAEQ2B,2BAA2B,wBACjCP,wBAAAA;AAOA,WAAOf,kBAAiB8C,yBAAyB/B,mBAAAA,IAC7CA,oBAAoB0B,iBACpBzC,kBAAiB+C,sBAAsBhC,mBAAAA;EAC7C,GAXmC;EAanC,MAAclE,uBAAuBoC,MAA+B5B,SAA+D;AACjI,QAAI4B,KAAK+D,UAAU,iCAAiC;AAClD,YAAMb,MAAM,wFAAwF;IACtG;AACA,WAAO,MAAM,KAAKnE,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EAExDe,KAAK,CAACC,OACLA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,OAAOC,QAAAA;AAC1B,YAAMA,IAAG4E,2BAA2B;QAClC5D,eAAeJ,KAAKI;QACpB6C,OAAOjD,KAAKiD,QAAQ,IAAIC,MAAMlD,KAAKiD,KAAK,IAAIxC;MAC9C,CAAA;AACA,aAAQ,MAAMrB,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAe,IAAA;IACrF,CAAA,CAAA;EAEN;EAEA,MAActC,gBAAgBkC,MAAiC5B,SAA6C;AAC1G,WAAO,MAAM,KAAKW,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EACxDe,KAAK,CAACC,OAAOA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,CAACC,QAAOA,IAAGc,eAAe+D,4BAA4BjE,KAAKI,aAAa,CAAA,CAAA,EAC1GjB,KAAK,MAAM,IAAA;EAChB;EAEA,MAAcpB,uBAAuBiC,MAAoC5B,SAAmE;AAC1I,QAAI,CAAC4B,KAAKkE,uBAAuB;AAC/B,YAAMhB,MAAM,2CAAA;IACd;AACA,UAAMiB,eACJ,OAAOnE,KAAKkE,0BAA0B,WACjCE,gBAAgBpE,KAAKkE,qBAAqB,IAC3ClE,KAAKkE;AACX,WAAO,MAAM,KAAKnF,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EAASe,KAAK,CAACC,OACxEA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,CAACC,QACpBA,IAAGiF,4BAA4BF,cAAc;MAC3C/D,eAAeJ,KAAKI;MACpB,GAAIJ,KAAKsE,mBAAmB;QAAEC,WAAWvE,KAAKsE,iBAAiBC;MAAU,IAAI,CAAC;MAC9EC,UAAUxE,KAAKwE;IACjB,CAAA,CAAA,CAAA;EAGN;EAEA,MAAcxG,sBAAsBgC,MAA6B5B,SAA0C;AACzG,UAAM,EAAEqG,SAASC,UAAUC,SAASC,mBAAkB,IAAK5E;AAC3D,UAAM6E,QAAQC,IACZL,QAAQM,IAAI,OAAOC,mBAAAA;AACjB,YAAMC,oBAAoBD,eAAeC;AACzC,UAAI,CAACA,qBAAqB,CAACD,eAAeE,aAAa;AACrD,eAAOL,QAAQM,OAAOjC,MAAM,2DAAA,CAAA;MAC9B;AAEA,UAAIkC;AACJ,UAAIJ,eAAeE,aAAa;AAC9BG,kBAAUC,SAASN,eAAeE,YAAYX,SAAS;AACvDvC,gBAAQC,IAAI,8BAA8B+C,eAAeE,YAAYhG,OAAO,4BAA4B0F,kBAAAA,EAAoB;AAC5HQ,uBAAeJ,eAAeE,YAAYhG;MAC5C;AACA,UAAI+F,mBAAmB;AACrB,cAAM7G,QAAQsE,MAAM6C,sBAAsB;UAAEC,YAAYP;QAAkB,CAAA;AAC1EjD,gBAAQC,IAAI,6BAA6BgD,kBAAkB7B,EAAE,MAAM6B,kBAAkBQ,IAAI,4BAA4Bb,kBAAAA,EAAoB;AACzIQ,uBAAeH,kBAAkB7B;MACnC;AAEA,aAAOhF,QAAQsE,MAAMgD,qBAAqB;QACxCC,gBAAgB;UACdP;UACAV;UACAC;UACAM;UACAC,aAAaF,eAAeE;QAC9B;QACAvI,MAAM;UAAEiI;QAAuC;MACjD,CAAA;IACF,CAAA,CAAA;EAEJ;EAEA,MAAc3G,mBAAmB+B,MAA2B5B,SAAwD;AAClH,UAAMwH,aAAa5F,KAAKd,WAAWxC,UAASE;AAC5C,QAAI,KAAKC,UAAUgJ,IAAID,UAAAA,GAAa;AAClC,YAAMtF,aAAa,KAAKzD,UAAUoD,IAAI2F,UAAAA;AACtC,UAAItF,eAAeG,QAAW;AAC5B,cAAMrB,KAAK,MAAMkB,WAAWL,IAAI7B,OAAAA;AAChC,eAAOgB,GAAG0G,uBAAuB;UAC/BC,gBAAgB/F,KAAKI;UACrBA,eAAeJ,KAAKI;UACpB,GAAIJ,KAAK+D,SAAS;YAAEA,OAAO/D,KAAK+D;UAAM;QACxC,CAAA;MACF;IACF;AACA,WAAOtD;EACT;EAEA,MAAM1B,cAAc,EAAEG,SAASF,oBAAmB,GAAyBZ,SAAgD;AACzH,UAAMwH,aAAa1G,WAAWxC,UAASE;AACvC,QAAI,CAAC,KAAKC,UAAUgJ,IAAID,UAAAA,GAAa;AACnC,YAAMI,eAAe,KAAKC,gBAAgB/G,OAAAA;AAC1C,YAAMgH,SAAS,MAAM,KAAKC,aAAa/H,SAAS;QAAEc;QAASF;MAAyC,CAAA;AACpG,UAAI,CAACkH,OAAO5H,eAAeC,aAAaC,YAAY,OAAO0H,OAAO5H,eAAeC,YAAYC,SAASC,YAAY,YAAY;AAC5H,YAAI,CAACyH,OAAO5H,gBAAgBC,aAAa;AACvC2H,iBAAO5H,iBAAiB;YAAE,GAAG4H,OAAO5H;UAAe;AACnD4H,iBAAO5H,eAAeC,cAAc;YAAE,GAAG2H,OAAO5H,eAAeC;UAAY;QAC7E;AACAyD,gBAAQC,IAAI,iEAAiE/C,OAAAA;AAC7EgH,eAAO5H,eAAeC,YAAYC,WAAWE,kBAAiBN,SAAS;UACrEO,uBAAuB;UACvBE,iBAAiB;UACjBD,oBAAoB;QACtB,CAAA;MACF;AACA,WAAK/B,UAAUuJ,IAAIR,YAAY,IAAIS,WAAW;QAAEH;QAAQI,SAASN;MAAa,CAAA,CAAA;IAChF;AACA,UAAM1F,aAAa,KAAKzD,UAAUoD,IAAI2F,UAAAA;AACtC,QAAI5G,qBAAqB;AACvBsB,iBAAWa,UAAUoF,sBAAsBvH;IAC7C;AACA,WAAOsB;EACT;EAEA,MAAM6F,aAAa/H,SAA2BzB,MAA+E;AAC3H,UAAM,EAAEuC,SAASF,oBAAwC,IAAKrC;AAC9D,UAAM6J,UAAU,KAAKP,gBAAgB/G,OAAAA,GAAUgH,UAAU,KAAKvJ,KAAK0B;AACnE,QAAI,CAACmI,SAAS;AACZ,YAAMtD,MAAM,6DAA6DhE,OAAAA,EAAS;IACpF;AACA,QAAI,KAAKvC,KAAK0B,aAAa;AACzB,UAAI,CAACmI,QAAQlI,gBAAgB;AAC3BkI,gBAAQlI,iBAAiB,KAAK3B,KAAK0B,aAAaC;MAClD,OAAO;AACL,YAAI,CAACkI,QAAQlI,eAAemI,QAAQ;AAClCD,kBAAQlI,eAAemI,SAAS,KAAK9J,KAAK0B,YAAYC,eAAemI;QACvE;AACA,YAAI,CAACD,QAAQlI,eAAeoI,qBAAqB;AAC/CF,kBAAQlI,eAAeoI,sBAAsB,KAAK/J,KAAK0B,YAAYC,eAAeoI;QACpF;AACA,YAAI,CAACF,QAAQG,mBAAmB;AAC9BH,kBAAQG,oBAAoB,KAAKhK,KAAK0B,YAAYsI;QACpD;MACF;AACA,UAAI,CAACH,QAAQlI,eAAeC,eAAe,OAAOiI,QAAQlI,eAAeC,YAAYC,UAAUC,YAAY,YAAY;AACrH+H,gBAAQlI,eAAeC,cAAc;UACnC,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;UACxCC,UACE,KAAK7B,KAAK0B,YAAYC,gBAAgBC,aAAaC,YACnDE,kBAAiBN,SAAS;YAAES,iBAAiB;YAAMD,oBAAoB;YAAMD,uBAAuB;UAAK,CAAA;QAC7G;MACF;IACF;AACA,QAAIK,wBAAwByB,UAAazB,wBAAwBwH,QAAQD,qBAAqB;AAC5FC,cAAQD,sBAAsBvH;IAChC;AACA,WAAOwH;EACT;EAEAP,gBAAgBb,cAAwD;AACtE,QAAI,CAAC,KAAKzI,KAAKqJ,aAAc,QAAOvF;AAEpC,UAAMmG,cAAcxB,eAAe,KAAKzI,KAAKqJ,aAAaa,KAAK,CAACC,MAAMA,EAAE5H,YAAYkG,YAAAA,IAAgB3E;AAEpG,WAAOmG,eAAe,KAAKG,kBAAkB3B,YAAAA;EAC/C;EAEQ2B,kBAAkB3B,cAAkC;AAC1D,QAAI,CAAC,KAAKzI,KAAKqJ,aAAc,QAAOvF;AAEpC,UAAMuG,iBAAiB,KAAKrK,KAAKqJ,aAAaa,KAAK,CAACC,MAAMA,EAAE5H,YAAY,SAAA;AACxE,QAAI8H,gBAAgB;AAClB,YAAMC,gBAAgB;QAAE,GAAGD;MAAe;AAC1C,UAAI5B,iBAAiB3E,QAAW;AAC9BwG,sBAAc/H,UAAUkG;MAC1B;AACA,aAAO6B;IACT;AAEA,WAAOxG;EACT;AACF;;;AGjaO,IAAKyG,mBAAAA,0BAAAA,mBAAAA;;;;SAAAA;;","names":["AuthorizationResponseStateStatus","decodeUriAsJson","getAgentResolver","shaHasher","defaultHasher","CredentialMapper","DcqlQuery","ClientIdentifierPrefix","InMemoryRPSessionManager","PassBy","PropertyTarget","ResponseMode","ResponseType","RevocationVerification","RP","Scope","SubjectType","SupportedVersion","SigningAlgo","getAgentDIDMethods","getAgentResolver","isExternalIdentifierOIDFEntityIdOpts","isManagedIdentifierDidOpts","isManagedIdentifierDidResult","isManagedIdentifierX5cOpts","CredentialMapper","EventEmitter","defaultHasher","getRequestVersion","rpOptions","Array","isArray","supportedVersions","length","SupportedVersion","JWT_VC_PRESENTATION_PROFILE_v1","getWellKnownDIDVerifyCallback","siopIdentifierOpts","context","wellknownDIDVerifyCallback","args","result","agent","cvVerifyCredential","credential","fetchRemoteContexts","verified","getPresentationVerificationCallback","idOpts","presentationVerificationCallback","presentationSubmission","CredentialMapper","isSdJwtEncoded","verifySdJwtPresentation","presentation","payload","isMsoMdocOid4VPEncoded","mdocOid4vpRPVerify","undefined","Promise","reject","verifyResult","vp_token","presentation_submission","error","Error","verifyPresentation","domain","identifierManagedGet","kid","split","createRPBuilder","rpOpts","pexOpts","identifierOpts","definition","dcqlQuery","dcql","queryId","presentationDefinitionItems","pdmGetDefinitions","filter","definitionId","version","tenantId","presentationDefinitionItem","dcqlPayload","didMethods","supportedDIDMethods","getAgentDIDMethods","eventEmitter","EventEmitter","defaultClientMetadata","idTokenSigningAlgValuesSupported","SigningAlgo","EDDSA","ES256","ES256K","requestObjectSigningAlgValuesSupported","responseTypesSupported","ResponseType","ID_TOKEN","client_name","vpFormatsSupported","jwt_vc","alg","jwt_vp","scopesSupported","Scope","OPENID_DIDAUTHN","subjectTypesSupported","SubjectType","PAIRWISE","subject_syntax_types_supported","map","method","passBy","PassBy","VALUE","resolver","resolveOpts","getAgentResolver","resolverResolution","localResolution","uniresolverResolution","noUniversalResolverFallback","hasher","credentialOpts","defaultHasher","builder","RP","requestVersion","withScope","PropertyTarget","REQUEST_OBJECT","withResponseMode","responseMode","ResponseMode","POST","withResponseType","VP_TOKEN","withSupportedVersions","SIOPv2_ID1","SIOPv2_D11","withEventEmitter","withSessionManager","sessionManager","InMemoryRPSessionManager","withClientMetadata","clientMetadataOpts","withVerifyJwtCallback","verifyJwtCallback","getVerifyJwtCallback","verifyOpts","checkLinkedDomain","withRevocationVerification","RevocationVerification","NEVER","withPresentationVerification","oidfOpts","isExternalIdentifierOIDFEntityIdOpts","withEntityId","identifier","resolution","clientId","client_id","issuer","isManagedIdentifierDidResult","did","jwkThumbprint","clientIdPrefixed","prefixClientId","withClientId","withHasher","withDcqlQuery","responseRedirectUri","withResponseRedirectUri","createJwtCallback","signCallback","withCreateJwtCallback","jwtIssuer","jwt","isManagedIdentifierDidOpts","isManagedIdentifierX5cOpts","jwtCreateJwsCompactSignature","kmsKeyRef","noIdentifierInHeader","protectedHeader","header","_opts","_jwtVerifier","jwtVerifyJwsSignature","jws","raw","console","log","message","getSigningAlgo","type","SigningAlgo","EDDSA","ES256K","ES256","RS256","Error","prefixClientId","clientId","startsWith","ClientIdentifierPrefix","DECENTRALIZED_IDENTIFIER","v4","uuidv4","ensureManagedIdentifierResult","isManagedIdentifierDidResult","isManagedIdentifierX5cResult","RPInstance","_rp","_pexOptions","_rpOptions","rpOpts","pexOpts","get","context","builder","createRPBuilder","build","rpOptions","pexOptions","hasDefinition","definitionId","undefined","queryId","getPresentationDefinition","agent","pexStoreGetDefinition","tenantId","createAuthorizationRequestURI","createArgs","correlationId","claims","requestByReferenceURI","responseURI","responseURIType","callback","nonce","uuidv4","state","jwtIssuer","idOpts","identifierOpts","resolution","ensureManagedIdentifierResult","isManagedIdentifierDidResult","didUrl","kid","method","alg","getSigningAlgo","key","type","isManagedIdentifierX5cResult","issuer","Promise","reject","x5c","Error","then","rp","version","getRequestVersion","createAuthorizationRequest","did","SIOPv2RP","opts","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","siopCreateAuthRequestURI","createAuthorizationRequestURI","bind","siopCreateAuthRequestPayloads","createAuthorizationRequestPayloads","siopGetAuthRequestState","siopGetRequestState","siopGetAuthResponseState","siopGetResponseState","siopUpdateAuthRequestState","siopUpdateRequestState","siopDeleteAuthState","siopDeleteState","siopVerifyAuthResponse","siopImportDefinitions","siopGetRedirectURI","setDefaultOpts","rpDefaultOpts","context","defaultOpts","identifierOpts","resolveOpts","resolver","resolve","getAgentResolver","uniresolverResolution","resolverResolution","localResolution","createArgs","getRPInstance","responseRedirectURI","useQueryIdInstance","queryId","then","rp","URI","encodedUri","createAuthorizationRequest","request","authRequest","authorizationRequest","payload","requestObject","requestObjectJwt","requestObjectDecoded","getPayload","args","get","sessionManager","getRequestStateByCorrelationId","correlationId","errorOnNotFound","rpInstance","authorizationResponseState","getResponseStateByCorrelationId","undefined","responseState","status","AuthorizationResponseStateStatus","VERIFIED","hasher","CredentialMapper","isSdJwtEncoded","response","vp_token","rpOptions","credentialOpts","defaultHasher","vpToken","JSON","parse","claims","key","value","Object","entries","presentationDecoded","decodeVerifiablePresentation","console","log","stringify","allClaims","presentationOrClaims","presentationOrClaimsFrom","credential","verifiableCredential","vc","schemaValidationResult","agent","cvVerifySchema","validationPolicy","verificationPolicies","schemaValidation","result","ERROR","error","Error","credentialSubject","id","forEach","push","type","decodedPayload","vct","verifiedData","authorization_response","credential_claims","isSdJwtDecodedCredential","toUniformPresentation","state","signalAuthRequestRetrieved","deleteStateForCorrelationId","authorizationResponse","authResponse","decodeUriAsJson","verifyAuthorizationResponse","dcqlQueryPayload","dcqlQuery","audience","queries","tenantId","version","versionControlMode","Promise","all","map","definitionPair","definitionPayload","dcqlPayload","reject","definitionId","DcqlQuery","validate","pexValidateDefinition","definition","name","pdmPersistDefinition","definitionItem","instanceId","has","getResponseRedirectUri","correlation_id","instanceOpts","getInstanceOpts","rpOpts","getRPOptions","set","RPInstance","pexOpts","responseRedirectUri","options","idOpts","supportedDIDMethods","supportedVersions","instanceOpt","find","i","getDefaultOptions","defaultOptions","clonedOptions","VerifiedDataMode"]}
1
+ {"version":3,"sources":["../plugin.schema.json","../src/agent/SIOPv2RP.ts","../src/functions.ts","../src/RPInstance.ts","../src/types/ISIOPv2RP.ts"],"sourcesContent":["{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","import {\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseState,\n AuthorizationResponseStateStatus,\n AuthorizationResponseStateWithVerifiedData,\n decodeUriAsJson,\n EncodedDcqlPresentationVpToken,\n VerifiedAuthorizationResponse\n} from '@sphereon/did-auth-siop'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\nimport {\n AdditionalClaims,\n CredentialMapper,\n HasherSync,\n ICredentialSubject,\n IPresentation,\n IVerifiableCredential,\n IVerifiablePresentation,\n JwtDecodedVerifiablePresentation,\n MdocDeviceResponse,\n MdocOid4vpMdocVpToken,\n OriginalVerifiablePresentation,\n SdJwtDecodedVerifiableCredential\n} from '@sphereon/ssi-types'\nimport { IAgentPlugin } from '@veramo/core'\nimport { DcqlPresentation, DcqlQuery } from 'dcql'\nimport {\n IAuthorizationRequestPayloads,\n ICreateAuthRequestArgs,\n IGetAuthRequestStateArgs,\n IGetAuthResponseStateArgs,\n IGetRedirectUriArgs,\n ImportDefinitionsArgs,\n IPEXInstanceOptions,\n IRequiredContext,\n IRPDefaultOpts,\n IRPOptions,\n ISiopRPInstanceArgs,\n ISiopv2RPOpts,\n IUpdateRequestStateArgs,\n IVerifyAuthResponseStateArgs,\n schema\n} from '../index'\nimport { RPInstance } from '../RPInstance'\nimport { ISIOPv2RP } from '../types/ISIOPv2RP'\n\nexport class SIOPv2RP implements IAgentPlugin {\n private readonly opts: ISiopv2RPOpts\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, RPInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: ISIOPv2RP = {\n siopCreateAuthRequestURI: this.createAuthorizationRequestURI.bind(this),\n siopCreateAuthRequestPayloads: this.createAuthorizationRequestPayloads.bind(this),\n siopGetAuthRequestState: this.siopGetRequestState.bind(this),\n siopGetAuthResponseState: this.siopGetResponseState.bind(this),\n siopUpdateAuthRequestState: this.siopUpdateRequestState.bind(this),\n siopDeleteAuthState: this.siopDeleteState.bind(this),\n siopVerifyAuthResponse: this.siopVerifyAuthResponse.bind(this),\n siopImportDefinitions: this.siopImportDefinitions.bind(this),\n siopGetRedirectURI: this.siopGetRedirectURI.bind(this),\n }\n\n constructor(opts: ISiopv2RPOpts) {\n this.opts = opts\n }\n\n public setDefaultOpts(rpDefaultOpts: IRPDefaultOpts, context: IRequiredContext) {\n // We allow setting default options later, because in some cases you might want to query the agent for defaults. This cannot happen when the agent is being build (this is when the constructor is being called)\n this.opts.defaultOpts = rpDefaultOpts\n // We however do require the agent to be responsible for resolution, otherwise people might encounter strange errors, that are very hard to track down\n if (\n !this.opts.defaultOpts.identifierOpts.resolveOpts?.resolver ||\n typeof this.opts.defaultOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function'\n ) {\n this.opts.defaultOpts.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver: getAgentResolver(context, { uniresolverResolution: true, resolverResolution: true, localResolution: true }),\n }\n }\n }\n\n private async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string> {\n return await this.getRPInstance({ responseRedirectURI: createArgs.responseRedirectURI, ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId } ) }, context)\n .then((rp) => rp.createAuthorizationRequestURI(createArgs, context))\n .then((URI) => URI.encodedUri)\n }\n\n private async createAuthorizationRequestPayloads(\n createArgs: ICreateAuthRequestArgs,\n context: IRequiredContext,\n ): Promise<IAuthorizationRequestPayloads> {\n return await this.getRPInstance({ queryId: createArgs.queryId }, context)\n .then((rp) => rp.createAuthorizationRequest(createArgs, context))\n .then(async (request) => {\n const authRequest: IAuthorizationRequestPayloads = {\n authorizationRequest: request.payload,\n requestObject: await request.requestObjectJwt(),\n requestObjectDecoded: request.requestObject?.getPayload(),\n }\n return authRequest\n })\n }\n\n private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {\n return await this.getRPInstance({ queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)\n ),\n )\n }\n\n private async siopGetResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined> {\n const rpInstance: RPInstance = await this.getRPInstance({ queryId: args.queryId }, context)\n const authorizationResponseState: AuthorizationResponseState | undefined = await rpInstance\n .get(context)\n .then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound))\n if (authorizationResponseState === undefined) {\n return undefined\n }\n\n const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData\n if (responseState.status === AuthorizationResponseStateStatus.VERIFIED) {\n let hasher: HasherSync | undefined\n if (\n CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&\n (!rpInstance.rpOptions.credentialOpts?.hasher || typeof rpInstance.rpOptions.credentialOpts?.hasher !== 'function')\n ) {\n hasher = defaultHasher\n }\n\n\n const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)\n const xx = DcqlPresentation.parse(vpToken)\n console.log(`IS DCQL PRESENTATION: ${JSON.stringify(xx)}`)\n const claims = []\n for (const [key, value] of Object.entries(vpToken)) {\n // todo this should also include mdl-mdoc\n const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(\n value as OriginalVerifiablePresentation,\n //todo: later we want to conditionally pass in options for mdl-mdoc here\n hasher,\n )\n console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)\n\n const allClaims: AdditionalClaims = {}\n const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded)\n if ('verifiableCredential' in presentationOrClaims) {\n for (const credential of presentationOrClaims.verifiableCredential) {\n const vc = credential as IVerifiableCredential\n const schemaValidationResult = await context.agent.cvVerifySchema({\n credential,\n hasher,\n validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,\n })\n if (!schemaValidationResult.result) {\n responseState.status = AuthorizationResponseStateStatus.ERROR\n responseState.error = new Error(schemaValidationResult.error)\n return responseState\n }\n\n const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims\n if (!('id' in allClaims)) {\n allClaims['id'] = credentialSubject.id\n }\n\n Object.entries(credentialSubject).forEach(([key, value]) => {\n if (!(key in allClaims)) {\n allClaims[key] = value\n }\n })\n\n claims.push({\n id: key,\n type: vc.type[0],\n claims: allClaims\n })\n }\n } else {\n claims.push({\n id: key,\n type: (presentationDecoded as SdJwtDecodedVerifiableCredential).decodedPayload.vct,\n claims: presentationOrClaims\n })\n }\n }\n\n responseState.verifiedData = {\n ...(responseState.response.payload.vp_token && {\n authorization_response: {\n vp_token: typeof responseState.response.payload.vp_token === 'string'\n ? JSON.parse(responseState.response.payload.vp_token)\n : responseState.response.payload.vp_token\n }\n }),\n ...(claims.length > 0 && { credential_claims: claims })\n }\n }\n\n return responseState\n }\n\n private presentationOrClaimsFrom = (\n presentationDecoded:\n | JwtDecodedVerifiablePresentation\n | IVerifiablePresentation\n | SdJwtDecodedVerifiableCredential\n | MdocOid4vpMdocVpToken\n | MdocDeviceResponse\n ): AdditionalClaims | IPresentation => {\n return CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)\n ? presentationDecoded.decodedPayload\n : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)\n }\n\n private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {\n if (args.state !== 'authorization_request_created') {\n throw Error(`Only 'authorization_request_created' status is supported for this method at this point`)\n }\n return await this.getRPInstance({ queryId: args.queryId }, context)\n // todo: In the SIOP library we need to update the signal method to be more like this method\n .then((rp) =>\n rp.get(context).then(async (rp) => {\n await rp.signalAuthRequestRetrieved({\n correlationId: args.correlationId,\n error: args.error ? new Error(args.error) : undefined,\n })\n return (await rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, true)) as AuthorizationRequestState\n }),\n )\n }\n\n private async siopDeleteState(args: IGetAuthResponseStateArgs, context: IRequiredContext): Promise<boolean> {\n return await this.getRPInstance({ queryId: args.queryId }, context)\n .then((rp) => rp.get(context).then((rp) => rp.sessionManager.deleteStateForCorrelationId(args.correlationId)))\n .then(() => true)\n }\n\n private async siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse> {\n if (!args.authorizationResponse) {\n throw Error('No SIOPv2 Authorization Response received')\n }\n const authResponse =\n typeof args.authorizationResponse === 'string'\n ? (decodeUriAsJson(args.authorizationResponse) as AuthorizationResponsePayload)\n : args.authorizationResponse\n return await this.getRPInstance({ queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.verifyAuthorizationResponse(authResponse, {\n correlationId: args.correlationId,\n ...(args.dcqlQueryPayload ? { dcqlQuery: args.dcqlQueryPayload.dcqlQuery } : {}),\n audience: args.audience,\n }),\n ),\n )\n }\n\n private async siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void> {\n const { queries, tenantId, version, versionControlMode } = args\n await Promise.all(\n queries.map(async (definitionPair) => {\n const definitionPayload = definitionPair.definitionPayload\n if (!definitionPayload && !definitionPair.dcqlPayload) {\n return Promise.reject(Error('Either dcqlPayload or definitionPayload must be suppplied'))\n }\n\n let definitionId: string\n if (definitionPair.dcqlPayload) {\n DcqlQuery.validate(definitionPair.dcqlPayload.dcqlQuery)\n console.log(`persisting DCQL definition ${definitionPair.dcqlPayload.queryId} with versionControlMode ${versionControlMode}`)\n definitionId = definitionPair.dcqlPayload.queryId\n }\n if (definitionPayload) {\n await context.agent.pexValidateDefinition({ definition: definitionPayload })\n console.log(`persisting PEX definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`)\n definitionId = definitionPayload.id\n }\n\n return context.agent.pdmPersistDefinition({\n definitionItem: {\n definitionId: definitionId!,\n tenantId: tenantId,\n version: version,\n definitionPayload,\n dcqlPayload: definitionPair.dcqlPayload,\n },\n opts: { versionControlMode: versionControlMode },\n })\n }),\n )\n }\n\n private async siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined> {\n const instanceId = args.queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (this.instances.has(instanceId)) {\n const rpInstance = this.instances.get(instanceId)\n if (rpInstance !== undefined) {\n const rp = await rpInstance.get(context)\n return rp.getResponseRedirectUri({\n correlation_id: args.correlationId,\n correlationId: args.correlationId,\n ...(args.state && { state: args.state }),\n })\n }\n }\n return undefined\n }\n\n async getRPInstance({ queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {\n const instanceId = queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (!this.instances.has(instanceId)) {\n const instanceOpts = this.getInstanceOpts(queryId)\n const rpOpts = await this.getRPOptions(context, { queryId, responseRedirectURI: responseRedirectURI })\n if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function') {\n if (!rpOpts.identifierOpts?.resolveOpts) {\n rpOpts.identifierOpts = { ...rpOpts.identifierOpts }\n rpOpts.identifierOpts.resolveOpts = { ...rpOpts.identifierOpts.resolveOpts }\n }\n console.log('Using agent DID resolver for RP instance with definition id ' + queryId)\n rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver(context, {\n uniresolverResolution: true,\n localResolution: true,\n resolverResolution: true,\n })\n }\n this.instances.set(instanceId, new RPInstance({ rpOpts, pexOpts: instanceOpts }))\n }\n const rpInstance = this.instances.get(instanceId)!\n if (responseRedirectURI) {\n rpInstance.rpOptions.responseRedirectUri = responseRedirectURI\n }\n return rpInstance\n }\n\n async getRPOptions(context: IRequiredContext, opts: { queryId?: string; responseRedirectURI?: string }): Promise<IRPOptions> {\n const { queryId, responseRedirectURI: responseRedirectURI } = opts\n const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${queryId}`)\n }\n if (this.opts.defaultOpts) {\n if (!options.identifierOpts) {\n options.identifierOpts = this.opts.defaultOpts?.identifierOpts\n } else {\n if (!options.identifierOpts.idOpts) {\n options.identifierOpts.idOpts = this.opts.defaultOpts.identifierOpts.idOpts\n }\n if (!options.identifierOpts.supportedDIDMethods) {\n options.identifierOpts.supportedDIDMethods = this.opts.defaultOpts.identifierOpts.supportedDIDMethods\n }\n if (!options.supportedVersions) {\n options.supportedVersions = this.opts.defaultOpts.supportedVersions\n }\n }\n if (!options.identifierOpts.resolveOpts || typeof options.identifierOpts.resolveOpts.resolver?.resolve !== 'function') {\n options.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver:\n this.opts.defaultOpts.identifierOpts?.resolveOpts?.resolver ??\n getAgentResolver(context, { localResolution: true, resolverResolution: true, uniresolverResolution: true }),\n }\n }\n }\n if (responseRedirectURI !== undefined && responseRedirectURI !== options.responseRedirectUri) {\n options.responseRedirectUri = responseRedirectURI\n }\n return options\n }\n\n getInstanceOpts(definitionId?: string): IPEXInstanceOptions | undefined {\n if (!this.opts.instanceOpts) return undefined\n\n const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.queryId === definitionId) : undefined\n\n return instanceOpt ?? this.getDefaultOptions(definitionId)\n }\n\n private getDefaultOptions(definitionId: string | undefined) {\n if (!this.opts.instanceOpts) return undefined\n\n const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === 'default')\n if (defaultOptions) {\n const clonedOptions = { ...defaultOptions }\n if (definitionId !== undefined) {\n clonedOptions.queryId = definitionId\n }\n return clonedOptions\n }\n\n return undefined\n }\n}\n","import {\n ClientIdentifierPrefix,\n ClientMetadataOpts,\n InMemoryRPSessionManager,\n PassBy,\n PresentationVerificationCallback,\n PresentationVerificationResult,\n PropertyTarget,\n ResponseMode,\n ResponseType,\n RevocationVerification,\n RP,\n RPBuilder,\n Scope,\n SubjectType,\n SupportedVersion,\n VerifyJwtCallback\n} from '@sphereon/did-auth-siop'\nimport { CreateJwtCallback, JwtHeader, JwtIssuer, JwtPayload, SigningAlgo } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { getAgentDIDMethods, getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n isExternalIdentifierOIDFEntityIdOpts,\n isManagedIdentifierDidOpts,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cOpts,\n ManagedIdentifierOptsOrResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { JwtCompactResult } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { IVerifySdJwtPresentationResult } from '@sphereon/ssi-sdk.sd-jwt'\nimport {\n CredentialMapper,\n HasherSync,\n OriginalVerifiableCredential,\n PresentationSubmission\n} from '@sphereon/ssi-types'\nimport { IVerifyCallbackArgs, IVerifyCredentialResult, VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { TKeyType } from '@veramo/core'\nimport { JWTVerifyOptions } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\nimport { IPEXOptions, IRequiredContext, IRPOptions, ISIOPIdentifierOptions } from './types/ISIOPv2RP'\nimport { DcqlQuery } from 'dcql'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport function getRequestVersion(rpOptions: IRPOptions): SupportedVersion {\n if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {\n return rpOptions.supportedVersions[0]\n }\n return SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1\n}\n\nfunction getWellKnownDIDVerifyCallback(siopIdentifierOpts: ISIOPIdentifierOptions, context: IRequiredContext) {\n return siopIdentifierOpts.wellknownDIDVerifyCallback\n ? siopIdentifierOpts.wellknownDIDVerifyCallback\n : async (args: IVerifyCallbackArgs): Promise<IVerifyCredentialResult> => {\n const result = await context.agent.cvVerifyCredential({\n credential: args.credential as OriginalVerifiableCredential,\n fetchRemoteContexts: true,\n })\n return { verified: result.result }\n }\n}\n\nexport function getPresentationVerificationCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): PresentationVerificationCallback {\n async function presentationVerificationCallback(\n args: any, // FIXME any\n presentationSubmission?: PresentationSubmission,\n ): Promise<PresentationVerificationResult> {\n if (CredentialMapper.isSdJwtEncoded(args)) {\n const result: IVerifySdJwtPresentationResult = await context.agent.verifySdJwtPresentation({\n presentation: args\n })\n // fixme: investigate the correct way to handle this\n return { verified: !!result.payload }\n }\n\n if (CredentialMapper.isMsoMdocOid4VPEncoded(args)) {\n // TODO Funke reevaluate\n if (context.agent.mdocOid4vpRPVerify === undefined) {\n return Promise.reject('ImDLMdoc agent plugin must be enabled to support MsoMdoc types')\n }\n if (presentationSubmission !== undefined && presentationSubmission !== null) {\n const verifyResult = await context.agent.mdocOid4vpRPVerify({\n vp_token: args,\n presentation_submission: presentationSubmission,\n })\n return { verified: !verifyResult.error }\n }\n throw Error(`mdocOid4vpRPVerify(...) method requires a presentation submission`)\n }\n\n const result = await context.agent.verifyPresentation({\n presentation: args,\n fetchRemoteContexts: true,\n domain: (await context.agent.identifierManagedGet(idOpts)).kid?.split('#')[0],\n })\n return { verified: result.verified }\n }\n\n return presentationVerificationCallback\n}\n\nexport async function createRPBuilder(args: {\n rpOpts: IRPOptions\n pexOpts?: IPEXOptions | undefined\n definition?: IPresentationDefinition\n dcql?: DcqlQuery\n context: IRequiredContext\n}): Promise<RPBuilder> {\n const { rpOpts, pexOpts, context } = args\n const { identifierOpts } = rpOpts\n let definition: IPresentationDefinition | undefined = args.definition\n let dcqlQuery: DcqlQuery | undefined = args.dcql\n\n if (!definition && pexOpts && pexOpts.queryId) {\n const presentationDefinitionItems = await context.agent.pdmGetDefinitions({\n filter: [\n {\n definitionId: pexOpts.queryId,\n version: pexOpts.version,\n tenantId: pexOpts.tenantId,\n },\n ],\n })\n\n if (presentationDefinitionItems.length > 0) {\n const presentationDefinitionItem = presentationDefinitionItems[0]\n if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {\n dcqlQuery = presentationDefinitionItem.dcqlPayload.dcqlQuery as DcqlQuery // cast from DcqlQueryREST back to valibot DcqlQuery\n }\n }\n }\n\n const didMethods = identifierOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter()\n\n const defaultClientMetadata: ClientMetadataOpts = {\n // FIXME: All of the below should be configurable. Some should come from builder, some should be determined by the agent.\n // For now it is either preconfigured or everything passed in as a single object\n idTokenSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n requestObjectSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n responseTypesSupported: [ResponseType.ID_TOKEN], // added newly\n client_name: 'Sphereon',\n vpFormatsSupported: {\n jwt_vc: { alg: ['EdDSA', 'ES256K'] },\n jwt_vp: { alg: ['ES256K', 'EdDSA'] },\n },\n scopesSupported: [Scope.OPENID_DIDAUTHN],\n subjectTypesSupported: [SubjectType.PAIRWISE],\n subject_syntax_types_supported: didMethods.map((method) => `did:${method}`),\n passBy: PassBy.VALUE,\n }\n\n const resolver =\n rpOpts.identifierOpts.resolveOpts?.resolver ??\n getAgentResolver(context, {\n resolverResolution: true,\n localResolution: true,\n uniresolverResolution: rpOpts.identifierOpts.resolveOpts?.noUniversalResolverFallback !== true,\n })\n //todo: probably wise to first look and see if we actually need the hasher to begin with\n let hasher: HasherSync | undefined = rpOpts.credentialOpts?.hasher\n if (!rpOpts.credentialOpts?.hasher || typeof rpOpts.credentialOpts?.hasher !== 'function') {\n hasher = defaultHasher\n }\n\n const builder = RP.builder({ requestVersion: getRequestVersion(rpOpts) })\n .withScope('openid', PropertyTarget.REQUEST_OBJECT)\n .withResponseMode(rpOpts.responseMode ?? ResponseMode.POST)\n .withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT)\n // todo: move to options fill/correct method\n .withSupportedVersions(\n rpOpts.supportedVersions ?? [SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1, SupportedVersion.SIOPv2_ID1, SupportedVersion.SIOPv2_D11],\n )\n\n .withEventEmitter(eventEmitter)\n .withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter))\n .withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT)\n .withVerifyJwtCallback(\n rpOpts.verifyJwtCallback\n ? rpOpts.verifyJwtCallback\n : getVerifyJwtCallback(\n {\n resolver,\n verifyOpts: {\n wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),\n checkLinkedDomain: 'if_present',\n },\n },\n context,\n ),\n )\n .withRevocationVerification(RevocationVerification.NEVER)\n .withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context))\n\n const oidfOpts = identifierOpts.oidfOpts\n if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {\n builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT)\n } else {\n const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts)\n const clientId: string = rpOpts.clientMetadataOpts?.client_id ?? resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint)\n const clientIdPrefixed = prefixClientId(clientId)\n builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT)\n }\n\n if (hasher) {\n builder.withHasher(hasher)\n }\n //fixme: this has been removed in the new version of did-auth-siop\n /*if (!rpOpts.clientMetadataOpts?.subjectTypesSupported) {\n // Do not update in case it is already provided via client metadata opts\n didMethods.forEach((method) => builder.addDidMethod(method))\n }*/\n //fixme: this has been removed in the new version of did-auth-siop\n // builder.withWellknownDIDVerifyCallback(getWellKnownDIDVerifyCallback(didOpts, context))\n\n if (dcqlQuery) {\n builder.withDcqlQuery(dcqlQuery)\n }\n\n if (rpOpts.responseRedirectUri) {\n builder.withResponseRedirectUri(rpOpts.responseRedirectUri)\n }\n\n //const key = resolution.key\n //fixme: this has been removed in the new version of did-auth-siop\n //builder.withSuppliedSignature(SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo), did, kid, getSigningAlgo(key.type))\n\n /*if (isManagedIdentifierDidResult(resolution)) {\n //fixme: only accepts dids in version used. New SIOP lib also accepts other types\n builder.withSuppliedSignature(\n SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo),\n resolution.did,\n resolution.kid,\n getSigningAlgo(key.type),\n )\n }*/\n //fixme: signcallback and it's return type are not totally compatible with our CreateJwtCallbackBase\n const createJwtCallback = signCallback(rpOpts.identifierOpts.idOpts, context)\n builder.withCreateJwtCallback(createJwtCallback satisfies CreateJwtCallback<any>)\n return builder\n}\n\nexport function signCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => Promise<string> {\n return async (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => {\n if (!(isManagedIdentifierDidOpts(idOpts) || isManagedIdentifierX5cOpts(idOpts))) {\n return Promise.reject(Error(`JWT issuer method ${jwtIssuer.method} not yet supported`))\n }\n const result: JwtCompactResult = await context.agent.jwtCreateJwsCompactSignature({\n // FIXME fix cose-key inference\n // @ts-ignore\n issuer: { identifier: idOpts.identifier, kmsKeyRef: idOpts.kmsKeyRef, noIdentifierInHeader: false },\n // FIXME fix JWK key_ops\n // @ts-ignore\n protectedHeader: jwt.header,\n payload: jwt.payload,\n })\n return result.jwt\n }\n}\n\nfunction getVerifyJwtCallback(\n _opts: {\n resolver?: Resolvable\n verifyOpts?: JWTVerifyOptions & {\n checkLinkedDomain: 'never' | 'if_present' | 'always'\n wellknownDIDVerifyCallback?: VerifyCallback\n }\n },\n context: IRequiredContext,\n): VerifyJwtCallback {\n return async (_jwtVerifier, jwt) => {\n const result = await context.agent.jwtVerifyJwsSignature({ jws: jwt.raw })\n console.log(result.message)\n return !result.error\n }\n}\n\nexport async function createRP({ rpOptions, context }: { rpOptions: IRPOptions; context: IRequiredContext }): Promise<RP> {\n return (await createRPBuilder({ rpOpts: rpOptions, context })).build()\n}\n\nexport function getSigningAlgo(type: TKeyType): SigningAlgo {\n switch (type) {\n case 'Ed25519':\n return SigningAlgo.EDDSA\n case 'Secp256k1':\n return SigningAlgo.ES256K\n case 'Secp256r1':\n return SigningAlgo.ES256\n // @ts-ignore\n case 'RSA':\n return SigningAlgo.RS256\n default:\n throw Error('Key type not yet supported')\n }\n}\n\nexport function prefixClientId(clientId: string): string {\n // FIXME SSISDK-60\n if (clientId.startsWith('did:')) {\n return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`;\n }\n\n return clientId;\n}\n","import { AuthorizationRequest, RP, URI } from '@sphereon/did-auth-siop'\nimport { ICreateAuthRequestArgs, IPEXOptions, IRequiredContext, IRPOptions } from './types/ISIOPv2RP'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { createRPBuilder, getRequestVersion, getSigningAlgo } from './functions'\nimport { v4 as uuidv4 } from 'uuid'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport {\n ensureManagedIdentifierResult,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\n\nexport class RPInstance {\n private _rp: RP | undefined\n private readonly _pexOptions: IPEXOptions | undefined\n private readonly _rpOptions: IRPOptions\n\n public constructor({ rpOpts, pexOpts }: { rpOpts: IRPOptions; pexOpts?: IPEXOptions }) {\n this._rpOptions = rpOpts\n this._pexOptions = pexOpts\n }\n\n public async get(context: IRequiredContext): Promise<RP> {\n if (!this._rp) {\n const builder = await createRPBuilder({\n rpOpts: this._rpOptions,\n pexOpts: this._pexOptions,\n context,\n })\n this._rp = builder.build()\n }\n return this._rp!\n }\n\n get rpOptions() {\n return this._rpOptions\n }\n\n get pexOptions() {\n return this._pexOptions\n }\n\n public hasDefinition(): boolean {\n return this.definitionId !== undefined\n }\n\n get definitionId(): string | undefined {\n return this.pexOptions?.queryId\n }\n\n public async getPresentationDefinition(context: IRequiredContext): Promise<IPresentationDefinition | undefined> {\n return this.definitionId\n ? await context.agent.pexStoreGetDefinition({\n definitionId: this.definitionId,\n tenantId: this.pexOptions?.tenantId,\n })\n : undefined\n }\n\n public async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<URI> {\n const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n let jwtIssuer: JwtIssuer\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = { didUrl: resolution.kid, method: 'did', alg: getSigningAlgo(resolution.key.type) }\n } else if (isManagedIdentifierX5cResult(resolution)) {\n if (!resolution.issuer) {\n return Promise.reject('missing issuer in idOpts')\n }\n jwtIssuer = {\n issuer: resolution.issuer,\n x5c: resolution.x5c,\n method: 'x5c',\n alg: getSigningAlgo(resolution.key.type),\n }\n } else {\n return Promise.reject(Error(`JWT issuer method ${resolution.method} not yet supported`))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequestURI({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n queryId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURI,\n responseURIType,\n jwtIssuer,\n callback\n }),\n )\n }\n\n public async createAuthorizationRequest(\n createArgs: Omit<ICreateAuthRequestArgs, 'queryId'>,\n context: IRequiredContext,\n ): Promise<AuthorizationRequest> {\n const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n\n let jwtIssuer: JwtIssuer\n if (isManagedIdentifierX5cResult(resolution) && resolution.issuer) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n x5c: resolution.x5c,\n issuer: resolution.issuer,\n }\n } else if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n didUrl: resolution.did,\n }\n } else {\n return Promise.reject(Error('Only did & x5c supported at present'))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequest({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURIType,\n responseURI,\n jwtIssuer,\n }),\n )\n }\n}\n","import {\n AuthorizationRequestPayload,\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseStateWithVerifiedData,\n CallbackOpts,\n ClaimPayloadCommonOpts,\n ClientMetadataOpts,\n IRPSessionManager,\n PresentationVerificationCallback,\n RequestObjectPayload,\n ResponseMode,\n ResponseURIType,\n SupportedVersion,\n VerifiedAuthorizationResponse,\n VerifyJwtCallback,\n} from '@sphereon/did-auth-siop'\nimport { CheckLinkedDomain } from '@sphereon/did-auth-siop-adapter'\nimport { DIDDocument } from '@sphereon/did-uni-client'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { ExternalIdentifierOIDFEntityIdOpts, IIdentifierResolution, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { ICredentialValidation, SchemaValidation } from '@sphereon/ssi-sdk.credential-validation'\nimport { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc'\nimport { IPDManager, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager'\nimport { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'\nimport { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt'\nimport { AuthorizationRequestStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { DcqlQueryPayload, HasherSync } from '@sphereon/ssi-types'\nimport { VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { IAgentContext, ICredentialVerifier, IDIDManager, IKeyManager, IPluginMethodMap, IResolver } from '@veramo/core'\n\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\n\nexport enum VerifiedDataMode {\n NONE = 'none',\n VERIFIED_PRESENTATION = 'vp',\n CREDENTIAL_SUBJECT_FLATTENED = 'cs-flat',\n}\n\nexport interface ISIOPv2RP extends IPluginMethodMap {\n siopCreateAuthRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string>\n siopCreateAuthRequestPayloads(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<IAuthorizationRequestPayloads>\n siopGetAuthRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined>\n siopGetAuthResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined>\n siopUpdateAuthRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState>\n siopDeleteAuthState(args: IDeleteAuthStateArgs, context: IRequiredContext): Promise<boolean>\n siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse>\n siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void>\n siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined>\n}\n\nexport interface ISiopv2RPOpts {\n defaultOpts?: IRPDefaultOpts\n instanceOpts?: IPEXInstanceOptions[]\n}\n\nexport interface IRPDefaultOpts extends IRPOptions {}\n\nexport interface ICreateAuthRequestArgs {\n queryId: string\n correlationId: string\n useQueryIdInstance?: boolean\n responseURIType: ResponseURIType\n responseURI: string\n responseRedirectURI?: string\n jwtIssuer?: JwtIssuer\n requestByReferenceURI?: string\n nonce?: string\n state?: string\n claims?: ClaimPayloadCommonOpts\n callback?: CallbackOpts\n}\n\nexport interface IGetAuthRequestStateArgs {\n correlationId: string\n queryId?: string\n errorOnNotFound?: boolean\n}\n\nexport interface IGetAuthResponseStateArgs {\n correlationId: string\n queryId?: string\n errorOnNotFound?: boolean\n progressRequestStateTo?: AuthorizationRequestStateStatus\n //includeVerifiedData?: VerifiedDataMode\n}\n\nexport interface IUpdateRequestStateArgs {\n queryId?: string\n correlationId: string\n state: AuthorizationRequestStateStatus\n error?: string\n}\n\nexport interface IDeleteAuthStateArgs {\n correlationId: string\n queryId?: string\n}\n\nexport interface IVerifyAuthResponseStateArgs {\n authorizationResponse: string | AuthorizationResponsePayload\n queryId?: string\n correlationId: string\n audience?: string\n dcqlQueryPayload?: DcqlQueryPayload\n}\n\nexport interface IDefinitionPair {\n definitionPayload?: IPresentationDefinition\n dcqlPayload?: DcqlQueryPayload\n}\n\nexport interface ImportDefinitionsArgs {\n queries: Array<IDefinitionPair>\n tenantId?: string\n version?: string\n versionControlMode?: VersionControlMode\n}\n\nexport interface IGetRedirectUriArgs {\n correlationId: string\n queryId?: string\n state?: string\n}\n\nexport interface IAuthorizationRequestPayloads {\n authorizationRequest: AuthorizationRequestPayload\n requestObject?: string\n requestObjectDecoded?: RequestObjectPayload\n}\n\nexport interface IPEXDefinitionPersistArgs extends IPEXInstanceOptions {\n definition: IPresentationDefinition\n ttl?: number\n}\n\nexport interface ISiopRPInstanceArgs {\n queryId?: string\n responseRedirectURI?: string\n}\n\nexport interface IPEXInstanceOptions extends IPEXOptions {\n rpOpts?: IRPOptions\n}\n\nexport interface IRPOptions {\n responseMode?: ResponseMode\n supportedVersions?: SupportedVersion[] // The supported version by the RP. The first version will be the default version\n sessionManager?: IRPSessionManager\n clientMetadataOpts?: ClientMetadataOpts\n expiresIn?: number\n eventEmitter?: EventEmitter\n credentialOpts?: CredentialOpts\n verificationPolicies?: VerificationPolicies\n identifierOpts: ISIOPIdentifierOptions\n verifyJwtCallback?: VerifyJwtCallback\n responseRedirectUri?: string\n}\n\nexport interface IPEXOptions {\n presentationVerifyCallback?: PresentationVerificationCallback\n // definition?: IPresentationDefinition\n queryId: string\n version?: string\n tenantId?: string\n}\n\nexport type VerificationPolicies = {\n schemaValidation: SchemaValidation\n}\n\nexport interface PerDidResolver {\n didMethod: string\n resolver: Resolvable\n}\n\nexport interface IAuthRequestDetails {\n rpDIDDocument?: DIDDocument\n id: string\n alsoKnownAs?: string[]\n}\n\nexport interface ISIOPIdentifierOptions extends Omit<IDIDOptions, 'idOpts'> {\n // we replace the legacy idOpts with the Managed Identifier opts from the identifier resolution module\n idOpts: ManagedIdentifierOptsOrResult\n oidfOpts?: ExternalIdentifierOIDFEntityIdOpts\n checkLinkedDomains?: CheckLinkedDomain\n wellknownDIDVerifyCallback?: VerifyCallback\n}\n\n// todo make the necessary changes for mdl-mdoc types\nexport type CredentialOpts = {\n hasher?: HasherSync\n}\n\nexport type IRequiredContext = IAgentContext<\n IResolver &\n IDIDManager &\n IKeyManager &\n IIdentifierResolution &\n ICredentialValidation &\n ICredentialVerifier &\n IPresentationExchange &\n IPDManager &\n ISDJwtPlugin &\n IJwtService &\n ImDLMdoc\n>\n"],"mappings":";;;;AAAA;AAAA,EACE,6BAA+B;AAAA,IAC7B,YAAc;AAAA,MACZ,SAAW;AAAA,QACT,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,0BAA4B;AAAA,UAC1B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,iBAAmB;AAAA,kBACjB,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,cACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,YACpD;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,YAAY;AAAA,UACzB,aAAe;AAAA,QACjB;AAAA,QACA,wBAA0B;AAAA,UACxB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,2BAA6B;AAAA,UAC3B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,WAAa;AAAA,UACX,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,QAAU;AAAA,cACR,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,QAAQ;AAAA,UACrB,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,gCAAkC;AAAA,UAChC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,KAAO;AAAA,cACL,MAAQ;AAAA,YACV;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,UACpD,aAAe;AAAA,QACjB;AAAA,QACA,0CAA4C;AAAA,UAC1C,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,QACA,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,IAAM;AAAA,cACJ,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,OAAS;AAAA,gBACP,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,UACnC,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,UAC1D,aAAe;AAAA,QACjB;AAAA,QACA,8BAAgC;AAAA,UAC9B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,yBAA2B;AAAA,cACzB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW,YAAY;AAAA,UACpC,aAAe;AAAA,QACjB;AAAA,QACA,qCAAuC;AAAA,UACrC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,MACF;AAAA,MACA,SAAW;AAAA,QACT,mBAAqB;AAAA,UACnB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,wBAA0B;AAAA,UACxB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,qCAAuC;AAAA,UACrC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,gCAAkC;AAAA,UAChC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACxUA,SAIEA,kCAEAC,uBAGK;AACP,SAASC,oBAAAA,yBAAwB;AACjC,SAASC,aAAaC,sBAAqB;AAC3C,SAEEC,oBAAAA,yBAWK;AAEP,SAASC,kBAAkBC,iBAAiB;;;AC3B5C,SACEC,wBAEAC,0BACAC,QAGAC,gBACAC,cACAC,cACAC,wBACAC,IAEAC,OACAC,aACAC,wBAEK;AACP,SAA8DC,mBAAmB;AAEjF,SAASC,oBAAoBC,wBAAwB;AACrD,SACEC,sCACAC,4BACAC,8BACAC,kCAEK;AAGP,SACEC,wBAIK;AAKP,SAASC,oBAAoB;AAG7B,SAASC,qBAAqB;AAEvB,SAASC,kBAAkBC,WAAqB;AACrD,MAAIC,MAAMC,QAAQF,UAAUG,iBAAiB,KAAKH,UAAUG,kBAAkBC,SAAS,GAAG;AACxF,WAAOJ,UAAUG,kBAAkB,CAAA;EACrC;AACA,SAAOE,iBAAiBC;AAC1B;AALgBP;AAOhB,SAASQ,8BAA8BC,oBAA4CC,SAAyB;AAC1G,SAAOD,mBAAmBE,6BACtBF,mBAAmBE,6BACnB,OAAOC,SAAAA;AACL,UAAMC,SAAS,MAAMH,QAAQI,MAAMC,mBAAmB;MACpDC,YAAYJ,KAAKI;MACjBC,qBAAqB;IACvB,CAAA;AACA,WAAO;MAAEC,UAAUL,OAAOA;IAAO;EACnC;AACN;AAVSL;AAYF,SAASW,oCACdC,QACAV,SAAyB;AAEzB,iBAAeW,iCACbT,MACAU,wBAA+C;AAE/C,QAAIC,iBAAiBC,eAAeZ,IAAAA,GAAO;AACzC,YAAMC,UAAyC,MAAMH,QAAQI,MAAMW,wBAAwB;QACzFC,cAAcd;MAChB,CAAA;AAEA,aAAO;QAAEM,UAAU,CAAC,CAACL,QAAOc;MAAQ;IACtC;AAEA,QAAIJ,iBAAiBK,uBAAuBhB,IAAAA,GAAO;AAEjD,UAAIF,QAAQI,MAAMe,uBAAuBC,QAAW;AAClD,eAAOC,QAAQC,OAAO,gEAAA;MACxB;AACA,UAAIV,2BAA2BQ,UAAaR,2BAA2B,MAAM;AAC3E,cAAMW,eAAe,MAAMvB,QAAQI,MAAMe,mBAAmB;UAC1DK,UAAUtB;UACVuB,yBAAyBb;QAC3B,CAAA;AACA,eAAO;UAAEJ,UAAU,CAACe,aAAaG;QAAM;MACzC;AACA,YAAMC,MAAM,mEAAmE;IACjF;AAEA,UAAMxB,SAAS,MAAMH,QAAQI,MAAMwB,mBAAmB;MACpDZ,cAAcd;MACdK,qBAAqB;MACrBsB,SAAS,MAAM7B,QAAQI,MAAM0B,qBAAqBpB,MAAAA,GAASqB,KAAKC,MAAM,GAAA,EAAK,CAAA;IAC7E,CAAA;AACA,WAAO;MAAExB,UAAUL,OAAOK;IAAS;EACrC;AAjCeG;AAmCf,SAAOA;AACT;AAxCgBF;AA0ChB,eAAsBwB,gBAAgB/B,MAMrC;AACC,QAAM,EAAEgC,QAAQC,SAASnC,QAAO,IAAKE;AACrC,QAAM,EAAEkC,eAAc,IAAKF;AAC3B,MAAIG,aAAkDnC,KAAKmC;AAC3D,MAAIC,YAAmCpC,KAAKqC;AAE5C,MAAI,CAACF,cAAcF,WAAWA,QAAQK,SAAS;AAC7C,UAAMC,8BAA8B,MAAMzC,QAAQI,MAAMsC,kBAAkB;MACxEC,QAAQ;QACN;UACEC,cAAcT,QAAQK;UACtBK,SAASV,QAAQU;UACjBC,UAAUX,QAAQW;QACpB;;IAEJ,CAAA;AAEA,QAAIL,4BAA4B9C,SAAS,GAAG;AAC1C,YAAMoD,6BAA6BN,4BAA4B,CAAA;AAC/D,UAAI,CAACH,aAAaS,2BAA2BC,aAAa;AACxDV,oBAAYS,2BAA2BC,YAAYV;MACrD;IACF;EACF;AAEA,QAAMW,aAAab,eAAec,uBAAwB,MAAMC,mBAAmBnD,OAAAA;AACnF,QAAMoD,eAAelB,OAAOkB,gBAAgB,IAAIC,aAAAA;AAEhD,QAAMC,wBAA4C;;;IAGhDC,kCAAkC;MAACC,YAAYC;MAAOD,YAAYE;MAAOF,YAAYG;;IACrFC,wCAAwC;MAACJ,YAAYC;MAAOD,YAAYE;MAAOF,YAAYG;;IAC3FE,wBAAwB;MAACC,aAAaC;;IACtCC,aAAa;IACbC,oBAAoB;MAClBC,QAAQ;QAAEC,KAAK;UAAC;UAAS;;MAAU;MACnCC,QAAQ;QAAED,KAAK;UAAC;UAAU;;MAAS;IACrC;IACAE,iBAAiB;MAACC,MAAMC;;IACxBC,uBAAuB;MAACC,YAAYC;;IACpCC,gCAAgC1B,WAAW2B,IAAI,CAACC,WAAW,OAAOA,MAAAA,EAAQ;IAC1EC,QAAQC,OAAOC;EACjB;AAEA,QAAMC,WACJ/C,OAAOE,eAAe8C,aAAaD,YACnCE,iBAAiBnF,SAAS;IACxBoF,oBAAoB;IACpBC,iBAAiB;IACjBC,uBAAuBpD,OAAOE,eAAe8C,aAAaK,gCAAgC;EAC5F,CAAA;AAEF,MAAIC,SAAiCtD,OAAOuD,gBAAgBD;AAC5D,MAAI,CAACtD,OAAOuD,gBAAgBD,UAAU,OAAOtD,OAAOuD,gBAAgBD,WAAW,YAAY;AACzFA,aAASE;EACX;AAEA,QAAMC,UAAUC,GAAGD,QAAQ;IAAEE,gBAAgBvG,kBAAkB4C,MAAAA;EAAQ,CAAA,EACpE4D,UAAU,UAAUC,eAAeC,cAAc,EACjDC,iBAAiB/D,OAAOgE,gBAAgBC,aAAaC,IAAI,EACzDC,iBAAiBvC,aAAawC,UAAUP,eAAeC,cAAc,EAErEO,sBACCrE,OAAOxC,qBAAqB;IAACE,iBAAiBC;IAAgCD,iBAAiB4G;IAAY5G,iBAAiB6G;GAAW,EAGxIC,iBAAiBtD,YAAAA,EACjBuD,mBAAmBzE,OAAO0E,kBAAkB,IAAIC,yBAAyBzD,YAAAA,CAAAA,EACzE0D,mBAAmB5E,OAAO6E,sBAAsBzD,uBAAuByC,eAAeC,cAAc,EACpGgB,sBACC9E,OAAO+E,oBACH/E,OAAO+E,oBACPC,qBACE;IACEjC;IACAkC,YAAY;MACVlH,4BAA4BH,8BAA8BoC,OAAOE,gBAAgBpC,OAAAA;MACjFoH,mBAAmB;IACrB;EACF,GACApH,OAAAA,CAAAA,EAGPqH,2BAA2BC,uBAAuBC,KAAK,EACvDC,6BAA6B/G,oCAAoC2B,eAAe1B,QAAQV,OAAAA,CAAAA;AAE3F,QAAMyH,WAAWrF,eAAeqF;AAChC,MAAIA,YAAYC,qCAAqCD,QAAAA,GAAW;AAC9D9B,YAAQgC,aAAaF,SAASG,YAAY7B,eAAeC,cAAc;EACzE,OAAO;AACL,UAAM6B,aAAa,MAAM7H,QAAQI,MAAM0B,qBAAqBM,eAAe1B,MAAM;AACjF,UAAMoH,WAAmB5F,OAAO6E,oBAAoBgB,aAAaF,WAAWG,WAAWC,6BAA6BJ,UAAAA,IAAcA,WAAWK,MAAML,WAAWM;AAC9J,UAAMC,mBAAmBC,eAAeP,QAAAA;AACxCnC,YAAQ2C,aAAaF,kBAAkBrC,eAAeC,cAAc;EACtE;AAEA,MAAIR,QAAQ;AACVG,YAAQ4C,WAAW/C,MAAAA;EACrB;AASA,MAAIlD,WAAW;AACbqD,YAAQ6C,cAAclG,SAAAA;EACxB;AAEA,MAAIJ,OAAOuG,qBAAqB;AAC9B9C,YAAQ+C,wBAAwBxG,OAAOuG,mBAAmB;EAC5D;AAgBA,QAAME,oBAAoBC,aAAa1G,OAAOE,eAAe1B,QAAQV,OAAAA;AACrE2F,UAAQkD,sBAAsBF,iBAAAA;AAC9B,SAAOhD;AACT;AA3IsB1D;AA6If,SAAS2G,aACdlI,QACAV,SAAyB;AAEzB,SAAO,OAAO8I,WAAsBC,KAAiDhH,QAAAA;AACnF,QAAI,EAAEiH,2BAA2BtI,MAAAA,KAAWuI,2BAA2BvI,MAAAA,IAAU;AAC/E,aAAOW,QAAQC,OAAOK,MAAM,qBAAqBmH,UAAUjE,MAAM,oBAAoB,CAAA;IACvF;AACA,UAAM1E,SAA2B,MAAMH,QAAQI,MAAM8I,6BAA6B;;;MAGhFlB,QAAQ;QAAEJ,YAAYlH,OAAOkH;QAAYuB,WAAWzI,OAAOyI;QAAWC,sBAAsB;MAAM;;;MAGlGC,iBAAiBN,IAAIO;MACrBrI,SAAS8H,IAAI9H;IACf,CAAA;AACA,WAAOd,OAAO4I;EAChB;AACF;AAnBgBH;AAqBhB,SAAS1B,qBACPqC,OAOAvJ,SAAyB;AAEzB,SAAO,OAAOwJ,cAAcT,QAAAA;AAC1B,UAAM5I,SAAS,MAAMH,QAAQI,MAAMqJ,sBAAsB;MAAEC,KAAKX,IAAIY;IAAI,CAAA;AACxEC,YAAQC,IAAI1J,OAAO2J,OAAO;AAC1B,WAAO,CAAC3J,OAAOuB;EACjB;AACF;AAfSwF;AAqBF,SAAS6C,eAAeC,MAAc;AAC3C,UAAQA,MAAAA;IACN,KAAK;AACH,aAAOC,YAAYC;IACrB,KAAK;AACH,aAAOD,YAAYE;IACrB,KAAK;AACH,aAAOF,YAAYG;;IAErB,KAAK;AACH,aAAOH,YAAYI;IACrB;AACE,YAAMC,MAAM,4BAAA;EAChB;AACF;AAdgBP;AAgBT,SAASQ,eAAeC,UAAgB;AAE7C,MAAIA,SAASC,WAAW,MAAA,GAAS;AAC/B,WAAO,GAAGC,uBAAuBC,wBAAwB,IAAIH,QAAAA;EAC/D;AAEA,SAAOA;AACT;AAPgBD;;;AC7ShB,SAASK,MAAMC,cAAc;AAE7B,SACEC,+BACAC,gCAAAA,+BACAC,oCACK;AAEA,IAAMC,aAAN,MAAMA;EATb,OASaA;;;EACHC;EACSC;EACAC;EAEjB,YAAmB,EAAEC,QAAQC,QAAO,GAAmD;AACrF,SAAKF,aAAaC;AAClB,SAAKF,cAAcG;EACrB;EAEA,MAAaC,IAAIC,SAAwC;AACvD,QAAI,CAAC,KAAKN,KAAK;AACb,YAAMO,UAAU,MAAMC,gBAAgB;QACpCL,QAAQ,KAAKD;QACbE,SAAS,KAAKH;QACdK;MACF,CAAA;AACA,WAAKN,MAAMO,QAAQE,MAAK;IAC1B;AACA,WAAO,KAAKT;EACd;EAEA,IAAIU,YAAY;AACd,WAAO,KAAKR;EACd;EAEA,IAAIS,aAAa;AACf,WAAO,KAAKV;EACd;EAEOW,gBAAyB;AAC9B,WAAO,KAAKC,iBAAiBC;EAC/B;EAEA,IAAID,eAAmC;AACrC,WAAO,KAAKF,YAAYI;EAC1B;EAEA,MAAaC,0BAA0BV,SAAyE;AAC9G,WAAO,KAAKO,eACR,MAAMP,QAAQW,MAAMC,sBAAsB;MACxCL,cAAc,KAAKA;MACnBM,UAAU,KAAKR,YAAYQ;IAC7B,CAAA,IACAL;EACN;EAEA,MAAaM,8BAA8BC,YAAoCf,SAAyC;AACtH,UAAM,EAAEgB,eAAeP,SAASQ,QAAQC,uBAAuBC,aAAaC,iBAAiBC,SAAQ,IAAKN;AAC1G,UAAMO,QAAQP,WAAWO,SAASC,OAAAA;AAClC,UAAMC,QAAQT,WAAWS,SAASR;AAClC,QAAIS;AACJ,UAAMC,SAAS,KAAKtB,UAAUuB,eAAeD;AAC7C,UAAME,aAAa,MAAMC,8BAA8BH,QAAQ1B,OAAAA;AAC/D,QAAI8B,8BAA6BF,UAAAA,GAAa;AAC5CH,kBAAY;QAAEM,QAAQH,WAAWI;QAAKC,QAAQ;QAAOC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MAAE;IAChG,WAAWC,6BAA6BV,UAAAA,GAAa;AACnD,UAAI,CAACA,WAAWW,QAAQ;AACtB,eAAOC,QAAQC,OAAO,0BAAA;MACxB;AACAhB,kBAAY;QACVc,QAAQX,WAAWW;QACnBG,KAAKd,WAAWc;QAChBT,QAAQ;QACRC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MACzC;IACF,OAAO;AACL,aAAOG,QAAQC,OAAOE,MAAM,qBAAqBf,WAAWK,MAAM,oBAAoB,CAAA;IACxF;AAEA,WAAO,MAAM,KAAKlC,IAAIC,OAAAA,EAAS4C,KAAK,CAACC,OACnCA,GAAG/B,8BAA8B;MAC/BgC,SAASC,kBAAkB,KAAK3C,SAAS;MACzCY;MACAP;MACAa;MACAE;MACAP;MACAC;MACAC;MACAC;MACAK;MACAJ;IACF,CAAA,CAAA;EAEJ;EAEA,MAAa2B,2BACXjC,YACAf,SAC+B;AAC/B,UAAM,EAAEgB,eAAeC,QAAQC,uBAAuBC,aAAaC,gBAAe,IAAKL;AACvF,UAAMO,QAAQP,WAAWO,SAASC,OAAAA;AAClC,UAAMC,QAAQT,WAAWS,SAASR;AAClC,UAAMU,SAAS,KAAKtB,UAAUuB,eAAeD;AAC7C,UAAME,aAAa,MAAMC,8BAA8BH,QAAQ1B,OAAAA;AAE/D,QAAIyB;AACJ,QAAIa,6BAA6BV,UAAAA,KAAeA,WAAWW,QAAQ;AACjEd,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCK,KAAKd,WAAWc;QAChBH,QAAQX,WAAWW;MACrB;IACF,WAAWT,8BAA6BF,UAAAA,GAAa;AACnDH,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCN,QAAQH,WAAWqB;MACrB;IACF,OAAO;AACL,aAAOT,QAAQC,OAAOE,MAAM,qCAAA,CAAA;IAC9B;AAEA,WAAO,MAAM,KAAK5C,IAAIC,OAAAA,EAAS4C,KAAK,CAACC,OACnCA,GAAGG,2BAA2B;MAC5BF,SAASC,kBAAkB,KAAK3C,SAAS;MACzCY;MACAM;MACAE;MACAP;MACAC;MACAE;MACAD;MACAM;IACF,CAAA,CAAA;EAEJ;AACF;;;AF7FO,IAAMyB,WAAN,MAAMA,UAAAA;EAhDb,OAgDaA;;;EACMC;EACjB,OAAwBC,oBAAoB;EAC3BC,YAAqC,oBAAIC,IAAAA;EACjDC,SAASA,sBAAOC;EAEhBC,UAAqB;IAC5BC,0BAA0B,KAAKC,8BAA8BC,KAAK,IAAI;IACtEC,+BAA+B,KAAKC,mCAAmCF,KAAK,IAAI;IAChFG,yBAAyB,KAAKC,oBAAoBJ,KAAK,IAAI;IAC3DK,0BAA0B,KAAKC,qBAAqBN,KAAK,IAAI;IAC7DO,4BAA4B,KAAKC,uBAAuBR,KAAK,IAAI;IACjES,qBAAqB,KAAKC,gBAAgBV,KAAK,IAAI;IACnDW,wBAAwB,KAAKA,uBAAuBX,KAAK,IAAI;IAC7DY,uBAAuB,KAAKA,sBAAsBZ,KAAK,IAAI;IAC3Da,oBAAoB,KAAKA,mBAAmBb,KAAK,IAAI;EACvD;EAEA,YAAYT,MAAqB;AAC/B,SAAKA,OAAOA;EACd;EAEOuB,eAAeC,eAA+BC,SAA2B;AAE9E,SAAKzB,KAAK0B,cAAcF;AAExB,QACE,CAAC,KAAKxB,KAAK0B,YAAYC,eAAeC,aAAaC,YACnD,OAAO,KAAK7B,KAAK0B,YAAYC,eAAeC,YAAYC,SAASC,YAAY,YAC7E;AACA,WAAK9B,KAAK0B,YAAYC,eAAeC,cAAc;QACjD,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;QACxCC,UAAUE,kBAAiBN,SAAS;UAAEO,uBAAuB;UAAMC,oBAAoB;UAAMC,iBAAiB;QAAK,CAAA;MACrH;IACF;EACF;EAEA,MAAc1B,8BAA8B2B,YAAoCV,SAA4C;AAC1H,WAAO,MAAM,KAAKW,cAAc;MAAEC,qBAAqBF,WAAWE;MAAqB,GAAIF,WAAWG,uBAAuB,QAAQ;QAAEC,SAASJ,WAAWI;MAAQ;IAAI,GAAGd,OAAAA,EACvKe,KAAK,CAACC,OAAOA,GAAGjC,8BAA8B2B,YAAYV,OAAAA,CAAAA,EAC1De,KAAK,CAACE,QAAQA,IAAIC,UAAU;EACjC;EAEA,MAAchC,mCACZwB,YACAV,SACwC;AACxC,WAAO,MAAM,KAAKW,cAAc;MAAEG,SAASJ,WAAWI;IAAQ,GAAGd,OAAAA,EAC9De,KAAK,CAACC,OAAOA,GAAGG,2BAA2BT,YAAYV,OAAAA,CAAAA,EACvDe,KAAK,OAAOK,YAAAA;AACX,YAAMC,cAA6C;QACjDC,sBAAsBF,QAAQG;QAC9BC,eAAe,MAAMJ,QAAQK,iBAAgB;QAC7CC,sBAAsBN,QAAQI,eAAeG,WAAAA;MAC/C;AACA,aAAON;IACT,CAAA;EACJ;EAEA,MAAcjC,oBAAoBwC,MAAgC5B,SAA2E;AAC3I,WAAO,MAAM,KAAKW,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EAASe,KAAK,CAACC,OACxEA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,CAACC,QACpBA,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAeJ,KAAKK,eAAe,CAAA,CAAA;EAG/F;EAEA,MAAc3C,qBACZsC,MACA5B,SACiE;AACjE,UAAMkC,aAAyB,MAAM,KAAKvB,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA;AACnF,UAAMmC,6BAAqE,MAAMD,WAC9EL,IAAI7B,OAAAA,EACJe,KAAK,CAACC,OAAOA,GAAGc,eAAeM,gCAAgCR,KAAKI,eAAeJ,KAAKK,eAAe,CAAA;AAC1G,QAAIE,+BAA+BE,QAAW;AAC5C,aAAOA;IACT;AAEA,UAAMC,gBAAgBH;AACtB,QAAIG,cAAcC,WAAWC,iCAAiCC,UAAU;AACtE,UAAIC;AACJ,UACEC,kBAAiBC,eAAeN,cAAcO,SAAStB,QAAQuB,QAAQ,MACtE,CAACZ,WAAWa,UAAUC,gBAAgBN,UAAU,OAAOR,WAAWa,UAAUC,gBAAgBN,WAAW,aACxG;AACAA,iBAASO;MACX;AAGA,YAAMC,UAAUZ,cAAcO,SAAStB,QAAQuB,YAAYK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ;AAC7G,YAAMO,KAAKC,iBAAiBF,MAAMF,OAAAA;AAClCK,cAAQC,IAAI,yBAAyBL,KAAKM,UAAUJ,EAAAA,CAAAA,EAAK;AACzD,YAAMK,SAAS,CAAA;AACf,iBAAW,CAACC,KAAKC,KAAAA,KAAUC,OAAOC,QAAQZ,OAAAA,GAAU;AAElD,cAAMa,sBAAsBpB,kBAAiBqB;UAC3CJ;;UAEAlB;QAAAA;AAEFa,gBAAQC,IAAI,wBAAwBL,KAAKM,UAAUM,mBAAAA,CAAAA,EAAsB;AAEzE,cAAME,YAA8B,CAAC;AACrC,cAAMC,uBAAuB,KAAKC,yBAAyBJ,mBAAAA;AAC3D,YAAI,0BAA0BG,sBAAsB;AAClD,qBAAWE,cAAcF,qBAAqBG,sBAAsB;AAClE,kBAAMC,KAAKF;AACX,kBAAMG,yBAAyB,MAAMvE,QAAQwE,MAAMC,eAAe;cAChEL;cACA1B;cACAgC,kBAAkBxC,WAAWa,UAAU4B,sBAAsBC;YAC/D,CAAA;AACA,gBAAI,CAACL,uBAAuBM,QAAQ;AAClCvC,4BAAcC,SAASC,iCAAiCsC;AACxDxC,4BAAcyC,QAAQ,IAAIC,MAAMT,uBAAuBQ,KAAK;AAC5D,qBAAOzC;YACT;AAEA,kBAAM2C,oBAAoBX,GAAGW;AAC7B,gBAAI,EAAE,QAAQhB,YAAY;AACxBA,wBAAU,IAAA,IAAQgB,kBAAkBC;YACtC;AAEArB,mBAAOC,QAAQmB,iBAAAA,EAAmBE,QAAQ,CAAC,CAACxB,MAAKC,MAAAA,MAAM;AACrD,kBAAI,EAAED,QAAOM,YAAY;AACvBA,0BAAUN,IAAAA,IAAOC;cACnB;YACF,CAAA;AAEAF,mBAAO0B,KAAK;cACVF,IAAIvB;cACJ0B,MAAMf,GAAGe,KAAK,CAAA;cACd3B,QAAQO;YACV,CAAA;UACF;QACF,OAAO;AACLP,iBAAO0B,KAAK;YACVF,IAAIvB;YACJ0B,MAAOtB,oBAAyDuB,eAAeC;YAC/E7B,QAAQQ;UACV,CAAA;QACF;MACF;AAEA5B,oBAAckD,eAAe;QAC3B,GAAIlD,cAAcO,SAAStB,QAAQuB,YAAY;UAC7C2C,wBAAwB;YACtB3C,UAAU,OAAOR,cAAcO,SAAStB,QAAQuB,aAAa,WACvDK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ,IAClDR,cAAcO,SAAStB,QAAQuB;UACvC;QACF;QACA,GAAIY,OAAOgC,SAAS,KAAK;UAAEC,mBAAmBjC;QAAO;MACvD;IACF;AAEA,WAAOpB;EACT;EAEQ6B,2BAA2B,wBACjCJ,wBAAAA;AAOA,WAAOpB,kBAAiBiD,yBAAyB7B,mBAAAA,IAC7CA,oBAAoBuB,iBACpB3C,kBAAiBkD,sBAAsB9B,mBAAAA;EAC7C,GAXmC;EAanC,MAAcvE,uBAAuBoC,MAA+B5B,SAA+D;AACjI,QAAI4B,KAAKkE,UAAU,iCAAiC;AAClD,YAAMd,MAAM,wFAAwF;IACtG;AACA,WAAO,MAAM,KAAKrE,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EAExDe,KAAK,CAACC,OACLA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,OAAOC,QAAAA;AAC1B,YAAMA,IAAG+E,2BAA2B;QAClC/D,eAAeJ,KAAKI;QACpB+C,OAAOnD,KAAKmD,QAAQ,IAAIC,MAAMpD,KAAKmD,KAAK,IAAI1C;MAC9C,CAAA;AACA,aAAQ,MAAMrB,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAe,IAAA;IACrF,CAAA,CAAA;EAEN;EAEA,MAActC,gBAAgBkC,MAAiC5B,SAA6C;AAC1G,WAAO,MAAM,KAAKW,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EACxDe,KAAK,CAACC,OAAOA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,CAACC,QAAOA,IAAGc,eAAekE,4BAA4BpE,KAAKI,aAAa,CAAA,CAAA,EAC1GjB,KAAK,MAAM,IAAA;EAChB;EAEA,MAAcpB,uBAAuBiC,MAAoC5B,SAAmE;AAC1I,QAAI,CAAC4B,KAAKqE,uBAAuB;AAC/B,YAAMjB,MAAM,2CAAA;IACd;AACA,UAAMkB,eACJ,OAAOtE,KAAKqE,0BAA0B,WACjCE,gBAAgBvE,KAAKqE,qBAAqB,IAC3CrE,KAAKqE;AACX,WAAO,MAAM,KAAKtF,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EAASe,KAAK,CAACC,OACxEA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,CAACC,QACpBA,IAAGoF,4BAA4BF,cAAc;MAC3ClE,eAAeJ,KAAKI;MACpB,GAAIJ,KAAKyE,mBAAmB;QAAEC,WAAW1E,KAAKyE,iBAAiBC;MAAU,IAAI,CAAC;MAC9EC,UAAU3E,KAAK2E;IACjB,CAAA,CAAA,CAAA;EAGN;EAEA,MAAc3G,sBAAsBgC,MAA6B5B,SAA0C;AACzG,UAAM,EAAEwG,SAASC,UAAUC,SAASC,mBAAkB,IAAK/E;AAC3D,UAAMgF,QAAQC,IACZL,QAAQM,IAAI,OAAOC,mBAAAA;AACjB,YAAMC,oBAAoBD,eAAeC;AACzC,UAAI,CAACA,qBAAqB,CAACD,eAAeE,aAAa;AACrD,eAAOL,QAAQM,OAAOlC,MAAM,2DAAA,CAAA;MAC9B;AAEA,UAAImC;AACJ,UAAIJ,eAAeE,aAAa;AAC9BG,kBAAUC,SAASN,eAAeE,YAAYX,SAAS;AACvD/C,gBAAQC,IAAI,8BAA8BuD,eAAeE,YAAYnG,OAAO,4BAA4B6F,kBAAAA,EAAoB;AAC5HQ,uBAAeJ,eAAeE,YAAYnG;MAC5C;AACA,UAAIkG,mBAAmB;AACrB,cAAMhH,QAAQwE,MAAM8C,sBAAsB;UAAEC,YAAYP;QAAkB,CAAA;AAC1EzD,gBAAQC,IAAI,6BAA6BwD,kBAAkB9B,EAAE,MAAM8B,kBAAkBQ,IAAI,4BAA4Bb,kBAAAA,EAAoB;AACzIQ,uBAAeH,kBAAkB9B;MACnC;AAEA,aAAOlF,QAAQwE,MAAMiD,qBAAqB;QACxCC,gBAAgB;UACdP;UACAV;UACAC;UACAM;UACAC,aAAaF,eAAeE;QAC9B;QACA1I,MAAM;UAAEoI;QAAuC;MACjD,CAAA;IACF,CAAA,CAAA;EAEJ;EAEA,MAAc9G,mBAAmB+B,MAA2B5B,SAAwD;AAClH,UAAM2H,aAAa/F,KAAKd,WAAWxC,UAASE;AAC5C,QAAI,KAAKC,UAAUmJ,IAAID,UAAAA,GAAa;AAClC,YAAMzF,aAAa,KAAKzD,UAAUoD,IAAI8F,UAAAA;AACtC,UAAIzF,eAAeG,QAAW;AAC5B,cAAMrB,KAAK,MAAMkB,WAAWL,IAAI7B,OAAAA;AAChC,eAAOgB,GAAG6G,uBAAuB;UAC/BC,gBAAgBlG,KAAKI;UACrBA,eAAeJ,KAAKI;UACpB,GAAIJ,KAAKkE,SAAS;YAAEA,OAAOlE,KAAKkE;UAAM;QACxC,CAAA;MACF;IACF;AACA,WAAOzD;EACT;EAEA,MAAM1B,cAAc,EAAEG,SAASF,oBAAmB,GAAyBZ,SAAgD;AACzH,UAAM2H,aAAa7G,WAAWxC,UAASE;AACvC,QAAI,CAAC,KAAKC,UAAUmJ,IAAID,UAAAA,GAAa;AACnC,YAAMI,eAAe,KAAKC,gBAAgBlH,OAAAA;AAC1C,YAAMmH,SAAS,MAAM,KAAKC,aAAalI,SAAS;QAAEc;QAASF;MAAyC,CAAA;AACpG,UAAI,CAACqH,OAAO/H,eAAeC,aAAaC,YAAY,OAAO6H,OAAO/H,eAAeC,YAAYC,SAASC,YAAY,YAAY;AAC5H,YAAI,CAAC4H,OAAO/H,gBAAgBC,aAAa;AACvC8H,iBAAO/H,iBAAiB;YAAE,GAAG+H,OAAO/H;UAAe;AACnD+H,iBAAO/H,eAAeC,cAAc;YAAE,GAAG8H,OAAO/H,eAAeC;UAAY;QAC7E;AACAoD,gBAAQC,IAAI,iEAAiE1C,OAAAA;AAC7EmH,eAAO/H,eAAeC,YAAYC,WAAWE,kBAAiBN,SAAS;UACrEO,uBAAuB;UACvBE,iBAAiB;UACjBD,oBAAoB;QACtB,CAAA;MACF;AACA,WAAK/B,UAAU0J,IAAIR,YAAY,IAAIS,WAAW;QAAEH;QAAQI,SAASN;MAAa,CAAA,CAAA;IAChF;AACA,UAAM7F,aAAa,KAAKzD,UAAUoD,IAAI8F,UAAAA;AACtC,QAAI/G,qBAAqB;AACvBsB,iBAAWa,UAAUuF,sBAAsB1H;IAC7C;AACA,WAAOsB;EACT;EAEA,MAAMgG,aAAalI,SAA2BzB,MAA+E;AAC3H,UAAM,EAAEuC,SAASF,oBAAwC,IAAKrC;AAC9D,UAAMgK,UAAU,KAAKP,gBAAgBlH,OAAAA,GAAUmH,UAAU,KAAK1J,KAAK0B;AACnE,QAAI,CAACsI,SAAS;AACZ,YAAMvD,MAAM,6DAA6DlE,OAAAA,EAAS;IACpF;AACA,QAAI,KAAKvC,KAAK0B,aAAa;AACzB,UAAI,CAACsI,QAAQrI,gBAAgB;AAC3BqI,gBAAQrI,iBAAiB,KAAK3B,KAAK0B,aAAaC;MAClD,OAAO;AACL,YAAI,CAACqI,QAAQrI,eAAesI,QAAQ;AAClCD,kBAAQrI,eAAesI,SAAS,KAAKjK,KAAK0B,YAAYC,eAAesI;QACvE;AACA,YAAI,CAACD,QAAQrI,eAAeuI,qBAAqB;AAC/CF,kBAAQrI,eAAeuI,sBAAsB,KAAKlK,KAAK0B,YAAYC,eAAeuI;QACpF;AACA,YAAI,CAACF,QAAQG,mBAAmB;AAC9BH,kBAAQG,oBAAoB,KAAKnK,KAAK0B,YAAYyI;QACpD;MACF;AACA,UAAI,CAACH,QAAQrI,eAAeC,eAAe,OAAOoI,QAAQrI,eAAeC,YAAYC,UAAUC,YAAY,YAAY;AACrHkI,gBAAQrI,eAAeC,cAAc;UACnC,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;UACxCC,UACE,KAAK7B,KAAK0B,YAAYC,gBAAgBC,aAAaC,YACnDE,kBAAiBN,SAAS;YAAES,iBAAiB;YAAMD,oBAAoB;YAAMD,uBAAuB;UAAK,CAAA;QAC7G;MACF;IACF;AACA,QAAIK,wBAAwByB,UAAazB,wBAAwB2H,QAAQD,qBAAqB;AAC5FC,cAAQD,sBAAsB1H;IAChC;AACA,WAAO2H;EACT;EAEAP,gBAAgBb,cAAwD;AACtE,QAAI,CAAC,KAAK5I,KAAKwJ,aAAc,QAAO1F;AAEpC,UAAMsG,cAAcxB,eAAe,KAAK5I,KAAKwJ,aAAaa,KAAK,CAACC,MAAMA,EAAE/H,YAAYqG,YAAAA,IAAgB9E;AAEpG,WAAOsG,eAAe,KAAKG,kBAAkB3B,YAAAA;EAC/C;EAEQ2B,kBAAkB3B,cAAkC;AAC1D,QAAI,CAAC,KAAK5I,KAAKwJ,aAAc,QAAO1F;AAEpC,UAAM0G,iBAAiB,KAAKxK,KAAKwJ,aAAaa,KAAK,CAACC,MAAMA,EAAE/H,YAAY,SAAA;AACxE,QAAIiI,gBAAgB;AAClB,YAAMC,gBAAgB;QAAE,GAAGD;MAAe;AAC1C,UAAI5B,iBAAiB9E,QAAW;AAC9B2G,sBAAclI,UAAUqG;MAC1B;AACA,aAAO6B;IACT;AAEA,WAAO3G;EACT;AACF;;;AGxWO,IAAK4G,mBAAAA,0BAAAA,mBAAAA;;;;SAAAA;;","names":["AuthorizationResponseStateStatus","decodeUriAsJson","getAgentResolver","shaHasher","defaultHasher","CredentialMapper","DcqlPresentation","DcqlQuery","ClientIdentifierPrefix","InMemoryRPSessionManager","PassBy","PropertyTarget","ResponseMode","ResponseType","RevocationVerification","RP","Scope","SubjectType","SupportedVersion","SigningAlgo","getAgentDIDMethods","getAgentResolver","isExternalIdentifierOIDFEntityIdOpts","isManagedIdentifierDidOpts","isManagedIdentifierDidResult","isManagedIdentifierX5cOpts","CredentialMapper","EventEmitter","defaultHasher","getRequestVersion","rpOptions","Array","isArray","supportedVersions","length","SupportedVersion","JWT_VC_PRESENTATION_PROFILE_v1","getWellKnownDIDVerifyCallback","siopIdentifierOpts","context","wellknownDIDVerifyCallback","args","result","agent","cvVerifyCredential","credential","fetchRemoteContexts","verified","getPresentationVerificationCallback","idOpts","presentationVerificationCallback","presentationSubmission","CredentialMapper","isSdJwtEncoded","verifySdJwtPresentation","presentation","payload","isMsoMdocOid4VPEncoded","mdocOid4vpRPVerify","undefined","Promise","reject","verifyResult","vp_token","presentation_submission","error","Error","verifyPresentation","domain","identifierManagedGet","kid","split","createRPBuilder","rpOpts","pexOpts","identifierOpts","definition","dcqlQuery","dcql","queryId","presentationDefinitionItems","pdmGetDefinitions","filter","definitionId","version","tenantId","presentationDefinitionItem","dcqlPayload","didMethods","supportedDIDMethods","getAgentDIDMethods","eventEmitter","EventEmitter","defaultClientMetadata","idTokenSigningAlgValuesSupported","SigningAlgo","EDDSA","ES256","ES256K","requestObjectSigningAlgValuesSupported","responseTypesSupported","ResponseType","ID_TOKEN","client_name","vpFormatsSupported","jwt_vc","alg","jwt_vp","scopesSupported","Scope","OPENID_DIDAUTHN","subjectTypesSupported","SubjectType","PAIRWISE","subject_syntax_types_supported","map","method","passBy","PassBy","VALUE","resolver","resolveOpts","getAgentResolver","resolverResolution","localResolution","uniresolverResolution","noUniversalResolverFallback","hasher","credentialOpts","defaultHasher","builder","RP","requestVersion","withScope","PropertyTarget","REQUEST_OBJECT","withResponseMode","responseMode","ResponseMode","POST","withResponseType","VP_TOKEN","withSupportedVersions","SIOPv2_ID1","SIOPv2_D11","withEventEmitter","withSessionManager","sessionManager","InMemoryRPSessionManager","withClientMetadata","clientMetadataOpts","withVerifyJwtCallback","verifyJwtCallback","getVerifyJwtCallback","verifyOpts","checkLinkedDomain","withRevocationVerification","RevocationVerification","NEVER","withPresentationVerification","oidfOpts","isExternalIdentifierOIDFEntityIdOpts","withEntityId","identifier","resolution","clientId","client_id","issuer","isManagedIdentifierDidResult","did","jwkThumbprint","clientIdPrefixed","prefixClientId","withClientId","withHasher","withDcqlQuery","responseRedirectUri","withResponseRedirectUri","createJwtCallback","signCallback","withCreateJwtCallback","jwtIssuer","jwt","isManagedIdentifierDidOpts","isManagedIdentifierX5cOpts","jwtCreateJwsCompactSignature","kmsKeyRef","noIdentifierInHeader","protectedHeader","header","_opts","_jwtVerifier","jwtVerifyJwsSignature","jws","raw","console","log","message","getSigningAlgo","type","SigningAlgo","EDDSA","ES256K","ES256","RS256","Error","prefixClientId","clientId","startsWith","ClientIdentifierPrefix","DECENTRALIZED_IDENTIFIER","v4","uuidv4","ensureManagedIdentifierResult","isManagedIdentifierDidResult","isManagedIdentifierX5cResult","RPInstance","_rp","_pexOptions","_rpOptions","rpOpts","pexOpts","get","context","builder","createRPBuilder","build","rpOptions","pexOptions","hasDefinition","definitionId","undefined","queryId","getPresentationDefinition","agent","pexStoreGetDefinition","tenantId","createAuthorizationRequestURI","createArgs","correlationId","claims","requestByReferenceURI","responseURI","responseURIType","callback","nonce","uuidv4","state","jwtIssuer","idOpts","identifierOpts","resolution","ensureManagedIdentifierResult","isManagedIdentifierDidResult","didUrl","kid","method","alg","getSigningAlgo","key","type","isManagedIdentifierX5cResult","issuer","Promise","reject","x5c","Error","then","rp","version","getRequestVersion","createAuthorizationRequest","did","SIOPv2RP","opts","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","siopCreateAuthRequestURI","createAuthorizationRequestURI","bind","siopCreateAuthRequestPayloads","createAuthorizationRequestPayloads","siopGetAuthRequestState","siopGetRequestState","siopGetAuthResponseState","siopGetResponseState","siopUpdateAuthRequestState","siopUpdateRequestState","siopDeleteAuthState","siopDeleteState","siopVerifyAuthResponse","siopImportDefinitions","siopGetRedirectURI","setDefaultOpts","rpDefaultOpts","context","defaultOpts","identifierOpts","resolveOpts","resolver","resolve","getAgentResolver","uniresolverResolution","resolverResolution","localResolution","createArgs","getRPInstance","responseRedirectURI","useQueryIdInstance","queryId","then","rp","URI","encodedUri","createAuthorizationRequest","request","authRequest","authorizationRequest","payload","requestObject","requestObjectJwt","requestObjectDecoded","getPayload","args","get","sessionManager","getRequestStateByCorrelationId","correlationId","errorOnNotFound","rpInstance","authorizationResponseState","getResponseStateByCorrelationId","undefined","responseState","status","AuthorizationResponseStateStatus","VERIFIED","hasher","CredentialMapper","isSdJwtEncoded","response","vp_token","rpOptions","credentialOpts","defaultHasher","vpToken","JSON","parse","xx","DcqlPresentation","console","log","stringify","claims","key","value","Object","entries","presentationDecoded","decodeVerifiablePresentation","allClaims","presentationOrClaims","presentationOrClaimsFrom","credential","verifiableCredential","vc","schemaValidationResult","agent","cvVerifySchema","validationPolicy","verificationPolicies","schemaValidation","result","ERROR","error","Error","credentialSubject","id","forEach","push","type","decodedPayload","vct","verifiedData","authorization_response","length","credential_claims","isSdJwtDecodedCredential","toUniformPresentation","state","signalAuthRequestRetrieved","deleteStateForCorrelationId","authorizationResponse","authResponse","decodeUriAsJson","verifyAuthorizationResponse","dcqlQueryPayload","dcqlQuery","audience","queries","tenantId","version","versionControlMode","Promise","all","map","definitionPair","definitionPayload","dcqlPayload","reject","definitionId","DcqlQuery","validate","pexValidateDefinition","definition","name","pdmPersistDefinition","definitionItem","instanceId","has","getResponseRedirectUri","correlation_id","instanceOpts","getInstanceOpts","rpOpts","getRPOptions","set","RPInstance","pexOpts","responseRedirectUri","options","idOpts","supportedDIDMethods","supportedVersions","instanceOpt","find","i","getDefaultOptions","defaultOptions","clonedOptions","VerifiedDataMode"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth",
3
- "version": "0.34.1-fix.170+4049c8c7",
3
+ "version": "0.34.1-fix.171+3754c1bc",
4
4
  "source": "src/index.ts",
5
5
  "type": "module",
6
6
  "main": "./dist/index.cjs",
@@ -30,18 +30,18 @@
30
30
  "@sphereon/did-auth-siop-adapter": "0.19.1-fix.161",
31
31
  "@sphereon/oid4vc-common": "0.19.1-fix.161",
32
32
  "@sphereon/pex": "5.0.0-unstable.28",
33
- "@sphereon/ssi-sdk-ext.did-utils": "0.34.1-fix.170+4049c8c7",
34
- "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-fix.170+4049c8c7",
35
- "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-fix.170+4049c8c7",
36
- "@sphereon/ssi-sdk.core": "0.34.1-fix.170+4049c8c7",
37
- "@sphereon/ssi-sdk.credential-validation": "0.34.1-fix.170+4049c8c7",
38
- "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-fix.170+4049c8c7",
39
- "@sphereon/ssi-sdk.mdl-mdoc": "0.34.1-fix.170+4049c8c7",
40
- "@sphereon/ssi-sdk.pd-manager": "0.34.1-fix.170+4049c8c7",
41
- "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-fix.170+4049c8c7",
42
- "@sphereon/ssi-sdk.sd-jwt": "0.34.1-fix.170+4049c8c7",
43
- "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-fix.170+4049c8c7",
44
- "@sphereon/ssi-types": "0.34.1-fix.170+4049c8c7",
33
+ "@sphereon/ssi-sdk-ext.did-utils": "0.34.1-fix.171+3754c1bc",
34
+ "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-fix.171+3754c1bc",
35
+ "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-fix.171+3754c1bc",
36
+ "@sphereon/ssi-sdk.core": "0.34.1-fix.171+3754c1bc",
37
+ "@sphereon/ssi-sdk.credential-validation": "0.34.1-fix.171+3754c1bc",
38
+ "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-fix.171+3754c1bc",
39
+ "@sphereon/ssi-sdk.mdl-mdoc": "0.34.1-fix.171+3754c1bc",
40
+ "@sphereon/ssi-sdk.pd-manager": "0.34.1-fix.171+3754c1bc",
41
+ "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-fix.171+3754c1bc",
42
+ "@sphereon/ssi-sdk.sd-jwt": "0.34.1-fix.171+3754c1bc",
43
+ "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-fix.171+3754c1bc",
44
+ "@sphereon/ssi-types": "0.34.1-fix.171+3754c1bc",
45
45
  "@sphereon/wellknown-dids-client": "^0.1.3",
46
46
  "@veramo/core": "4.2.0",
47
47
  "@veramo/credential-w3c": "4.2.0",
@@ -84,5 +84,5 @@
84
84
  "OpenID Connect",
85
85
  "Authenticator"
86
86
  ],
87
- "gitHead": "4049c8c7de4357ef6a5772807aec15769ce714cf"
87
+ "gitHead": "3754c1bc0327ad2bfec81912fdeae0b7b66d21e3"
88
88
  }
package/src/agent/SIOPv2RP.ts CHANGED
@@ -4,7 +4,8 @@ import {
4
4
  AuthorizationResponseState,
5
5
  AuthorizationResponseStateStatus,
6
6
  AuthorizationResponseStateWithVerifiedData,
7
- decodeUriAsJson, EncodedDcqlPresentationVpToken,
7
+ decodeUriAsJson,
8
+ EncodedDcqlPresentationVpToken,
8
9
  VerifiedAuthorizationResponse
9
10
  } from '@sphereon/did-auth-siop'
10
11
  import { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'
@@ -12,23 +13,19 @@ import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
12
13
  import {
13
14
  AdditionalClaims,
14
15
  CredentialMapper,
15
- //decodeSdJwtVc,
16
16
  HasherSync,
17
17
  ICredentialSubject,
18
18
  IPresentation,
19
- //IProofPurpose,
20
- //IProofType,
21
19
  IVerifiableCredential,
22
20
  IVerifiablePresentation,
23
21
  JwtDecodedVerifiablePresentation,
24
22
  MdocDeviceResponse,
25
23
  MdocOid4vpMdocVpToken,
26
24
  OriginalVerifiablePresentation,
27
- SdJwtDecodedVerifiableCredential,
28
- //sha256
25
+ SdJwtDecodedVerifiableCredential
29
26
  } from '@sphereon/ssi-types'
30
27
  import { IAgentPlugin } from '@veramo/core'
31
- import { DcqlQuery } from 'dcql'
28
+ import { DcqlPresentation, DcqlQuery } from 'dcql'
32
29
  import {
33
30
  IAuthorizationRequestPayloads,
34
31
  ICreateAuthRequestArgs,
@@ -48,7 +45,6 @@ import {
48
45
  } from '../index'
49
46
  import { RPInstance } from '../RPInstance'
50
47
  import { ISIOPv2RP } from '../types/ISIOPv2RP'
51
- //import { jwtDecode } from 'jwt-decode'
52
48
 
53
49
  export class SIOPv2RP implements IAgentPlugin {
54
50
  private readonly opts: ISiopv2RPOpts
@@ -139,9 +135,13 @@ export class SIOPv2RP implements IAgentPlugin {
139
135
  hasher = defaultHasher
140
136
  }
141
137
 
138
+
142
139
  const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)
140
+ const xx = DcqlPresentation.parse(vpToken)
141
+ console.log(`IS DCQL PRESENTATION: ${JSON.stringify(xx)}`)
143
142
  const claims = []
144
143
  for (const [key, value] of Object.entries(vpToken)) {
144
+ // todo this should also include mdl-mdoc
145
145
  const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
146
146
  value as OriginalVerifiablePresentation,
147
147
  //todo: later we want to conditionally pass in options for mdl-mdoc here
@@ -149,7 +149,7 @@ export class SIOPv2RP implements IAgentPlugin {
149
149
  )
150
150
  console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)
151
151
 
152
- let allClaims: AdditionalClaims = {}
152
+ const allClaims: AdditionalClaims = {}
153
153
  const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded)
154
154
  if ('verifiableCredential' in presentationOrClaims) {
155
155
  for (const credential of presentationOrClaims.verifiableCredential) {
@@ -191,75 +191,18 @@ export class SIOPv2RP implements IAgentPlugin {
191
191
  }
192
192
  }
193
193
 
194
- // const claimsPromises = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)
195
- // .map(async (presentation: OriginalVerifiablePresentation) => {
196
- // const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
197
- // presentation,
198
- // //todo: later we want to conditionally pass in options for mdl-mdoc here
199
- // hasher,
200
- // )
201
- //
202
- //
203
- //
204
- // return {
205
- // id: presentationDecoded.id
206
- // }
207
- //
208
- // })
209
-
210
- // // todo this should also include mdl-mdoc
211
- // const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
212
- // responseState.response.payload.vp_token as OriginalVerifiablePresentation,
213
- // //todo: later we want to conditionally pass in options for mdl-mdoc here
214
- // hasher,
215
- // )
216
- // console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)
217
-
218
194
  responseState.verifiedData = {
219
195
  ...(responseState.response.payload.vp_token && {
220
196
  authorization_response: {
221
- vp_token: typeof responseState.response.payload.vp_token === 'string' // TODO we might not need this string check
197
+ vp_token: typeof responseState.response.payload.vp_token === 'string'
222
198
  ? JSON.parse(responseState.response.payload.vp_token)
223
199
  : responseState.response.payload.vp_token
224
200
  }
225
201
  }),
226
- credential_claims: claims//(this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []).map()
202
+ ...(claims.length > 0 && { credential_claims: claims })
227
203
  }
228
-
229
- // switch (args.includeVerifiedData) {
230
- // case VerifiedDataMode.VERIFIED_PRESENTATION:
231
- // responseState.response.payload.verifiedData = this.presentationOrClaimsFrom(presentationDecoded)
232
- // break
233
- // case VerifiedDataMode.CREDENTIAL_SUBJECT_FLATTENED: // TODO debug cs-flat for SD-JWT
234
- // const allClaims: AdditionalClaims = {}
235
- // for (const credential of this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []) {
236
- // const vc = credential as IVerifiableCredential
237
- // const schemaValidationResult = await context.agent.cvVerifySchema({
238
- // credential,
239
- // hasher,
240
- // validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,
241
- // })
242
- // if (!schemaValidationResult.result) {
243
- // responseState.status = AuthorizationResponseStateStatus.ERROR
244
- // responseState.error = new Error(schemaValidationResult.error)
245
- // return responseState
246
- // }
247
- //
248
- // const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims
249
- // if (!('id' in allClaims)) {
250
- // allClaims['id'] = credentialSubject.id
251
- // }
252
- //
253
- // Object.entries(credentialSubject).forEach(([key, value]) => {
254
- // if (!(key in allClaims)) {
255
- // allClaims[key] = value
256
- // }
257
- // })
258
- // }
259
- // responseState.verifiedData = allClaims
260
- // break
261
- // }
262
204
  }
205
+
263
206
  return responseState
264
207
  }
265
208